Persistence

PostgreSQL

PostgreSQL is the recommended database backend for production deployments.

Managed Postgres Compatibility

Some hosted PostgreSQL platforms require additional configuration due to platform-specific restrictions.

Use direct connection (not connection pooler).

{
  "database": {
    "postgres": {
      "url": "postgresql://pscale_api_<username>.<unique-id>:<password>@<region>.pg.psdb.cloud:5432/postgres?sslmode=require",
      "unstable_disable_lock_customization": true
    }
  }
}

Configuration file

RIVET__database__postgres__url="postgresql://pscale_api_<username>.<unique-id>:<password>@<region>.pg.psdb.cloud:5432/postgres?sslmode=require"
RIVET__database__postgres__unstable_disable_lock_customization=true

Environment variables

For better performance, set deadlock_timeout = 10ms in the PlanetScale dashboard at Clusters → Parameters → Query Tuning.

Use direct connection on port 5432 (not connection pooler).

Without SSL

{
  "database": {
    "postgres": {
      "url": "postgresql://postgres:<password>@db.<project-ref>.supabase.co:5432/postgres?sslmode=disable",
      "unstable_disable_lock_customization": true
    }
  }
}

Configuration file

RIVET__database__postgres__url="postgresql://postgres:<password>@db.<project-ref>.supabase.co:5432/postgres?sslmode=disable"
RIVET__database__postgres__unstable_disable_lock_customization=true

Environment variables

With SSL

Download the root certificate from your Supabase dashboard and specify its path. See Supabase SSL Enforcement for details.

{
  "database": {
    "postgres": {
      "url": "postgresql://postgres:<password>@db.<project-ref>.supabase.co:5432/postgres?sslmode=require",
      "unstable_disable_lock_customization": true,
      "ssl": {
        "root_cert_path": "/path/to/supabase-ca.crt"
      }
    }
  }
}

Configuration file

RIVET__database__postgres__url="postgresql://postgres:<password>@db.<project-ref>.supabase.co:5432/postgres?sslmode=require"
RIVET__database__postgres__unstable_disable_lock_customization=true
RIVET__database__postgres__ssl__root_cert_path="/path/to/supabase-ca.crt"

Environment variables

SSL/TLS Support

To enable SSL for Postgres, add sslmode=require to your PostgreSQL connection URL:

{
  "database": {
    "postgres": {
      "url": "postgresql://user:password@host.example.com:5432/database?sslmode=require"
    }
  }
}

Configuration file

RIVET__database__postgres__url="postgresql://user:password@host.example.com:5432/database?sslmode=require"

Environment variables

The sslmode parameter controls TLS usage:

disable: Do not use TLS
prefer: Use TLS if available, otherwise connect without TLS (default)
require: Require TLS connection (fails if TLS is not available)

To verify the server certificate against a CA or verify the hostname, use custom SSL certificates (see below).

Custom SSL Certificates

For databases using custom certificate authorities (e.g., Supabase) or requiring client certificate authentication, you can specify certificate paths in the configuration:

{
  "database": {
    "postgres": {
      "url": "postgresql://user:password@host:5432/database?sslmode=require",
      "ssl": {
        "root_cert_path": "/path/to/root-ca.crt",
        "client_cert_path": "/path/to/client.crt",
        "client_key_path": "/path/to/client.key"
      }
    }
  }
}

Configuration file

RIVET__database__postgres__url="postgresql://user:password@host:5432/database?sslmode=require"
RIVET__database__postgres__ssl__root_cert_path="/path/to/root-ca.crt"
RIVET__database__postgres__ssl__client_cert_path="/path/to/client.crt"
RIVET__database__postgres__ssl__client_key_path="/path/to/client.key"

Environment variables

Parameter	Description	PostgreSQL Equivalent
`root_cert_path`	Path to the root certificate file for verifying the server’s certificate	`sslrootcert`
`client_cert_path`	Path to the client certificate file for client certificate authentication	`sslcert`
`client_key_path`	Path to the client private key file for client certificate authentication	`sslkey`

All SSL paths are optional. If not specified, Rivet uses the default system root certificates from Mozilla’s root certificate store.

Do Not Use Connection Poolers

Rivet requires direct PostgreSQL connections for session-level features and does not support connection poolers.

Do not use:

PgBouncer
Supavisor
AWS RDS Proxy

This disables Rivet’s attempt to set lock_timeout = 0 and deadlock_timeout = 10ms. Since lock_timeout defaults to 0 in PostgreSQL, skipping these settings is safe. Deadlock detection will use the default 1s timeout instead of 10ms.

PostgreSQL

Basic Configuration

Managed Postgres Compatibility

Without SSL

With SSL

SSL/TLS Support

Custom SSL Certificates

Do Not Use Connection Poolers

Troubleshooting

Permission Denied Errors