Retool DB Security – Missing IP Whitelisting & Brute-Force Protection?

lindakwoo · April 4, 2025, 6:18pm

Hi @Daniel_Swenson,
I understand your concerns about database security. It is true that for retoolDB, while we have some security in place, we don't allow users to do things like IP whitelisting. These limitations can be addressed in one of two ways:

Still on cloud, you could use a self-hosted postgres database and a postgres resource instead of a RetoolDB resource. All your apps and workflows can use them in the same way.
You could go self-hosted which will allow you to use your own infra for RetoolDB rather than our cloud hosted postgres server.

Both of these options enable you to use your own postgres server, so you won't be limited to the security that we enforce for our cloud hosted DB.

Topic		Replies	Views
Securing Retool Database Access: Is there a function to restrict the access source by IP? 💬 Queries and Resources resource-connection	3	795	October 18, 2023
What are best practices for connecting local resource to Retool cloud securely? 🤝 Discussion resource-connection , welcoming-replies	5	1838	December 4, 2024
Retool Database beta - backup + remote connection 💬 Queries and Resources	7	1417	July 27, 2023
Connecting Retool to Heroku Postgres Database 💬 Queries and Resources	5	625	June 14, 2024
Restrict Logins to certain IP ranges 💬 Feature Requests	20	2652	June 25, 2025

Retool DB Security – Missing IP Whitelisting & Brute-Force Protection?

Related topics