> ## Documentation Index
> Fetch the complete documentation index at: https://docs.replit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connection details

> Find your database's connection string, understand how credentials stay secure, and connect external tools.

Your app connects to its database through credentials that Replit manages for you. Find them in the **Database** tool: select a database, then open the **Settings** tab. It shows the connection string, storage usage, and advanced connection details.

<Frame>
  <img src="https://mintcdn.com/replit/NpPvJoYkdyf9nnNV/images/databases/connection-details-settings.png?fit=max&auto=format&n=NpPvJoYkdyf9nnNV&q=85&s=bdbc4b2324713820dccdf0995a3cef85" alt="Database Settings tab showing the DATABASE_URL connection string, storage usage, and advanced connection details" width="1440" height="900" data-path="images/databases/connection-details-settings.png" />
</Frame>

## Environment variables

The following environment variable is available for connecting to your development database:

* `DATABASE_URL`: how to connect and authenticate to the database

Your app uses it automatically. Because `DATABASE_URL` is scoped to your app, your development database cannot be accessed by other apps, even ones you own, or by external database viewers. Even if leaked, it cannot be used by anyone else to access and modify your database.

<Info>
  If your development database is still on the [legacy Neon infrastructure](/features/data-and-storage/development-and-production#legacy-development-database), the additional variables `PGHOST`, `PGUSER`, `PGPASSWORD`, `PGDATABASE`, and `PGPORT` are also available. These are **not** provided for databases hosted on Replit's current infrastructure; use `DATABASE_URL` instead.
</Info>

<Warning>
  If you are still on the legacy Neon development database, do not share your `DATABASE_URL`. It contains your database credentials, which could be used by anyone to access and modify your database. Never paste it in public places or support tickets.
</Warning>

## Connect an external tool

You can connect to your **production** database from any PostgreSQL-compatible SQL client using the connection string from the production database's **Settings** tab.

## Security

When you add a database integration using Agent, it adds an Object-Relational Mapper (ORM) that handles all database communications with built-in security:

* **Schema validation**: Verifies data conforms to expected formats
* **Data sanitization**: Automatically cleans up builder input to prevent SQL injection attacks

## Next steps

* [Work with your data](/features/data-and-storage/work-with-your-data): Browse and query without leaving Replit.
* [Development and production](/features/data-and-storage/development-and-production): How your two databases differ.
