PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.

Integration Overview

Opal supports AWS or GCP-managed RDS databases out of the box. Database access can be scoped to any granularity your database allows including table and even column-level access. Developers can easily discover and request for just-in-time short-lived access to RDS databases. All databases can be accessed using your favorite 3rd party database viewers, like Postico, or through the command line.

Opal + Postgres Use cases

Protect against breaches with least privilege

• Grant just-in-time access to postgres databases that are auto-expiring and fully audited using Slack

• Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more

Accelerate employee access on paved roads

• Enable resource owners with the most context to approve access requests and provision access automatically via Slack

• Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles

• Automate on-call access by provisioning and deprovisioning access via on-call schedules

Simplify compliance without manual overhead

• Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report

• Review access of employees who have recently transferred roles or departments

Native engineering workflows

To support native developer workflows, Opal has:

• Easy CLI access to start sessions

• Enable developers to generate auto-expiring credentials that expire after 15 minutes. For DevOps teams, this eliminates the need for credential rotation. For security teams, this bolsters security posture as the credentials are identity-based and developers aren't using static credentials.

• Auditing capabilities for identity-based attribution