Skip to main content

Database Operations

Eve Horizon provides managed Postgres databases provisioned through your manifest, plus a full suite of CLI tools for migrations, schema inspection, SQL access, and credential management. Databases are scoped to environments -- each environment gets its own isolated tenant.

Managed database overview

Managed databases are platform-provisioned Postgres instances declared in your manifest. Unlike regular services, managed DB services are not rendered into Kubernetes manifests -- the orchestrator provisions a tenant when you deploy an environment.

The provisioning lifecycle follows this flow:

Key characteristics:

  • Provisioning occurs on first deploy for each environment
  • Each environment gets an isolated database tenant
  • Credentials are managed by the platform and available via interpolation
  • Managed DB availability depends on platform configuration -- ask an admin if provisioning is disabled

Provisioning via manifest

Declare a managed database as a service with x-eve.role: managed_db:

services:
db:
x-eve:
role: managed_db
managed:
class: db.p1
engine: postgres
engine_version: "16"

Configuration fields

FieldRequiredDescription
roleYesMust be managed_db
classYesDatabase tier -- db.p1, db.p2, or db.p3
engineYesDatabase engine (currently postgres)
engine_versionNoEngine version (e.g., "16")

Database tiers

TierUse case
db.p1Development and testing
db.p2Staging and light production
db.p3Production workloads

Referencing managed values

Other services reference managed database values using interpolation placeholders that are resolved at deploy time:

services:
db:
x-eve:
role: managed_db
managed:
class: db.p1
engine: postgres
engine_version: "16"

api:
build:
context: ./apps/api
ports: [3000]
environment:
DATABASE_URL: ${managed.db.url}
depends_on:
db:
condition: service_healthy

The ${managed.<service>.<field>} syntax resolves to the provisioned values when the environment is deployed. Use eve db status to confirm tenant readiness before relying on managed values.

Database status and credentials

Checking status

Verify that your managed database is provisioned and ready:

eve db status --env staging

This shows the provisioning state, connection details, and health of the managed database for the specified environment.

Credential rotation

Rotate database credentials when needed for security compliance:

eve db rotate-credentials --env staging

After rotation, redeploy services that reference managed database values so they pick up the new credentials.

Migrations

Eve provides a migration workflow built around SQL files with timestamp-based ordering.

Creating a new migration

eve db new create_users_table

This creates a new migration file under db/migrations/ with the naming convention YYYYMMDDHHmmss_create_users_table.sql. The timestamp prefix ensures migrations execute in the correct order.

You can specify a custom migrations directory:

eve db new create_users_table --path db/custom-migrations

Running migrations

Apply pending migrations to an environment:

eve db migrate --env staging

To use a custom migrations path:

eve db migrate --env staging --path db/migrations

Listing applied migrations

View which migrations have been applied:

eve db migrations --env staging

Migration as a pipeline step

For automated workflows, you can run migrations as a pipeline step using a service with x-eve.role: job:

services:
migrate:
image: flyway/flyway:10
command: >-
-url=jdbc:postgresql://db:5432/app
-user=app
-password=${secret.DB_PASSWORD}
-locations=filesystem:/migrations
migrate
volumes:
- ./db/migrations:/migrations:ro
depends_on:
db:
condition: service_healthy
x-eve:
role: job

pipelines:
deploy:
steps:
- name: migrate
action: { type: job, service: migrate }
- name: deploy
depends_on: [migrate]
action: { type: deploy }

This ensures migrations run before the application deploy step, and the pipeline fails if the migration fails.

Schema management

Inspecting the schema

View the current database schema for an environment:

eve db schema --env staging

To scope to a specific project:

eve db schema --env staging --project proj_xxx

Row-level security

Inspect the RLS policies configured on your database:

eve db rls --env staging

This shows all active row-level security policies, which tables they apply to, and the policy expressions.

SQL access

The eve db sql command provides direct SQL access to environment databases. This is useful for ad hoc queries, debugging, and data inspection.

Read queries

# Inline query
eve db sql --env staging --sql "SELECT count(*) FROM users"

# Query from a file
eve db sql --env staging --file ./queries/user-report.sql

Write queries

Write operations require the --write flag as a safety measure:

eve db sql --env staging --sql "UPDATE users SET active = true WHERE id = 42" --write
warning

The --write flag is a safety gate, not a permission check. Always verify your SQL before running write operations against production environments.

SQL access patterns

PatternCommand
Quick counteve db sql --env staging --sql "SELECT count(*) FROM orders"
Table inspectioneve db sql --env staging --sql "SELECT * FROM users LIMIT 10"
Report from fileeve db sql --env staging --file ./reports/monthly.sql
Data fixeve db sql --env staging --sql "UPDATE ..." --write

Scaling

Scale a managed database to a different tier:

eve db scale --env staging --class db.p2

This changes the database tier for the specified environment. The operation may involve a brief maintenance window depending on the platform configuration.

Backup and restore

Managed databases are backed up by the platform according to the tier's backup policy. For manual backup operations, use the SQL access commands to export data:

# Export a table to check data before a migration
eve db sql --env staging --sql "SELECT * FROM users" > users-backup.json

For full backup and restore procedures, coordinate with your platform administrator -- the managed database infrastructure handles automated backups at the platform level.

Destroying a managed database

Remove a managed database tenant from an environment:

eve db destroy --env staging --force

The --force flag is required to confirm destruction. This permanently removes the database tenant and all its data for the specified environment.

danger

Database destruction is irreversible. Ensure you have backups before running eve db destroy.

Admin APIs

Platform administrators can manage managed database instances directly:

EndpointMethodPurpose
/admin/managed-db/instancesGETList all managed DB instances
/admin/managed-db/instancesPOSTRegister a new instance
/admin/managed-db/instances/:idGETGet instance details

Per-environment tenant endpoints:

EndpointMethodPurpose
/projects/:id/envs/:env/db/managedGETGet tenant status
/projects/:id/envs/:env/db/managed/rotatePOSTRotate credentials
/projects/:id/envs/:env/db/managed/scalePOSTChange tier
/projects/:id/envs/:env/db/managedDELETEDestroy tenant

CLI reference

CommandPurpose
eve db status --env <name>Check managed DB provisioning state
eve db schema --env <name>Inspect database schema
eve db rls --env <name>View row-level security policies
eve db sql --env <name> --sql "..."Execute read query
eve db sql --env <name> --sql "..." --writeExecute write query
eve db sql --env <name> --file ./query.sqlExecute query from file
eve db migrate --env <name>Run pending migrations
eve db migrations --env <name>List applied migrations
eve db new <description>Create new migration file
eve db rotate-credentials --env <name>Rotate database credentials
eve db scale --env <name> --class <tier>Change database tier
eve db destroy --env <name> --forceRemove database tenant

See CLI Commands for the full command reference.