Fly

Guide to set up your Fly database with Velvet

In this guide, we outline the steps required to securely connect your Fly database to your Velvet workspace. You may be able to skip some of these steps if you've previously connected your database to other services.

Depending on whether you're starting a new project from scratch, or connecting a database that's already configured for a third-party tool - this will take between 10 minutes and 2 hours.

  1. Create a read-only user
  2. Set up a static IP address (guide here)
  3. Identify and copy your connection string
  4. Configure which database tables you want to connect with Velvet

1. Create a read-only user

It's best practice to create a user with read-only permissions for products like Velvet. Create a user with read-only permissions in Fly.

Connect to your Fly Postgres instance and run the following SQL statements via psql. These statements create a velvet_readonly user with the password a very good password and gives them the velvet_read_all_data role.

PostgreSQL v14 includes a pg_read_all_data role. Run fly image show in your Fly instance to determine your version.

Read-only user configuration:

-- Create a new user with read-only access to the database
-- Recommend to run each step one by one, as some steps may
-- fail if the user does not have the necessary privileges.

-- Step 1: Create the user
CREATE USER velvet_readonly WITH LOGIN PASSWORD 'your_secure_password';

-- Step 2: Grant connect privilege to the database 
-- (replace your_database_name with the actual name - on supabase it's postgres)
GRANT CONNECT ON DATABASE postgres TO velvet_readonly;

-- Step 3: Grant usage on schemas. This allows the user to see the schemas
GRANT USAGE ON SCHEMA public TO velvet_readonly;
GRANT USAGE ON SCHEMA auth TO velvet_readonly; -- optional

-- Step 4: Grant select on all tables and views in the schemas
GRANT SELECT ON ALL TABLES IN SCHEMA public TO velvet_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA auth TO velvet_readonly;

-- Step 5: Ensure future tables and views in these schemas are also accessible
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO velvet_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA auth GRANT SELECT ON TABLES TO velvet_readonly;

-- [OPTIONAL] Step 6: Bypass RLS policies
ALTER ROLE velvet_readonly BYPASSRLS;

Click Run and execute query.

Once you've created a read-only user, move on to the next step.

2. Set up a static IP address

Set up a static IP using our static IP configuration guide.

3. Identify and copy your connection string

Find your database connection string to paste it into your Velvet workspace config. If you already have a connection string, jump ahead to section #4.

Or, follow the guide below for building your connection string for the first time.

Allocate a public IP address

Fly.io does not expose Postgres apps to the internet by default. In order to set up a connection to Fly.io you must expose the DB to the public internet by allocating a public IP address using the Fly CLI.

  1. Allocate an IPv4 address: fly ips allocate-v4 --app <pg-app-name>
  2. Pull down a fly.toml configuration file for your Postgres app: fly config save --app <pg-app-name>. Note: This could overwrite a fly.toml in the current directory.
  3. Append the following to your fly.toml. This will allow connections on an external port, and direct incoming requests to your Postgres instance.
[[services]]
  internal_port = 5432 # Postgres instance
  protocol = "tcp"

[[services.ports]]
  handlers = ["pg_tls"]
  port = 5432

Deploy with the new configuration.

  1. Figure out which image and tag (Postgres version) you’re on: fly image show --app <pg-app-name>
  2. Deploy your cluster, using --image with the image:tag found in the previous step: fly deploy . --app <pg-app-name> --image flyio/postgres:<major-version>

Copy the connection URI

Read our general guide on URI construction here. The Fly-specific overview is below.

  1. The connection URI is in the form: postgres://{username}:{password}@{hostname}:{port}
  2. The hostname is internal, so you must substitute your newly publicly reachable hostname (<pg-app-name>.fly.dev)
  3. Provide a read-only user in the username/password.
  4. Copy the connection URI.

4. Configure your database and tables on Velvet

Configure Fly as a remote database connection and select which tables you want connected.

  1. Tap into a workspace in your Velvet dashboard
  2. Tap "Add a data source"
  3. Select type "Remote database"
  4. Name your database
  5. Paste in your database URI. Note: After providing your database credentials for the first time, we manage the connection using ClickHouse. If required, you can add ClickHouse's Static IPs to an allowlist - Read their API documentation here.
  1. Select and configure the table you want to connect as a source.
  1. Name your table and create the source.
  1. Repeat steps 6 and 7 to add each table you want included as a data source.
  2. You can now view, search, and filter data inside your database source.

Great job, you’ve connected your internal database as a data source. We’ll capture data from your connected tables so you can query them in your Velvet workspace.

Email [email protected] for support or feedback.