API Reference
Connecting to Alien Postgres from your application.
The Postgres binding is connection-only: it resolves connection details and you connect with your own driver or ORM. Unlike other resources it wraps no operations — every backend speaks the same PostgreSQL wire protocol.
Resolving a connection
One call resolves the binding into everything a driver needs — a ready-to-use connection string, the TLS setting, and the same details as individual fields. Use whichever style your driver prefers.
import { Client } from "pg"
import { getPostgresConnection } from "@alienplatform/sdk"
const conn = await getPostgresConnection("db")
// Pass the individual fields, not conn.connectionString: node-postgres parses the URL's
// sslmode (it treats `require` as verify-full) and overrides `ssl`, which would reject the
// managed-cloud certificate. Field style lets `ssl` take effect.
const client = new Client({
host: conn.host,
port: conn.port,
database: conn.database,
user: conn.username,
password: conn.password,
ssl: conn.ssl,
})
await client.connect()
const { rows } = await client.query("SELECT 1")let db = ctx.bindings().load_postgres("db").await?;
// Connection string: postgres://user:pass@host:port/db?sslmode=...
let conn_str = db.connection_string();
// ...or individual fields (host, port, database, username, password, sslmode)
let params = db.connection_params();PostgresConnection
getPostgresConnection returns one object with both styles:
| Field | Type | Description |
|---|---|---|
connectionString | string | postgres://user:password@host:port/database?sslmode=…, with credentials percent-encoded. |
ssl | false | { rejectUnauthorized: boolean } | TLS for the driver: false for Local, { rejectUnauthorized: false } for the managed clouds. With node-postgres pass it alongside the individual fields, not connectionString — pg parses sslmode=require as verify-full and overrides ssl. |
host / port | string / number | The address to dial (the Aurora cluster endpoint on managed AWS). |
database / username / password | string | The un-encoded values that connectionString percent-encodes. |
Errors
getPostgresConnection throws an AlienError when it can't return a usable connection:
BINDING_NOT_FOUND— no Postgres binding namedidis linked to the workload. Not retryable; link the resource.INVALID_BINDING_CONFIG— the injected binding is malformed or has an unexpected shape. Not retryable.POSTGRES_SECRET_RESOLUTION_ERROR— on the managed clouds, the password secret couldn't be read (throttling, a transient failure, or an empty secret). Retryable.
Notes
- Configure your client with connect retries and a ≥ 30 s connect timeout so the first connection after an AWS auto-pause succeeds (see Behavior).
- TLS is
requireon the managed clouds anddisableon Local; a BYO/external database (Kubernetes / on-prem) usesprefer. In TypeScript read it fromssl; in Rust it's thesslmodein the connection string. - The credentials connect as the admin user:
alienon the managed clouds,postgreson Local. Read it fromusername, don't hard-code it. Define application-level SQL roles yourself if you need them.