We stopped giving AI agents database passwords A developer built db-mcp-gateway, a self-hosted MCP server that sits between AI agents and databases, ensuring agents never hold credentials. The server authenticates via SSO, maps identity to YAML-defined grants, and enforces least privilege with row caps and statement timeouts. Every "connect your AI agent to a database" tutorial ends the same way: paste a connection string into a config file. That string now lives on a laptop, in shell history, maybe in a Slack DM to unblock someone on a Friday. We didn't want that for our own team, so we built db-mcp-gateway a self-hosted MCP server that sits between agents and databases. The agent never holds a credential. It authenticates via SSO, the gateway maps that identity to a YAML-defined grant, and the query runs under least privilege with a row cap and a statement timeout. What I want to cover in this post: Full writeup + a real docker pull you can run in five minutes: https://github.com/developerz-ai/db-mcp-gateway https://github.com/developerz-ai/db-mcp-gateway Tags: mcp ai security postgresql