← 15.616.2 →
871 words Slides

16.1 Database Connections: PostgreSQL, MySQL via MCP

Course: Claude Code - Enterprise Development

Section: Advanced MCP Integrations

Video Length: 3-4 minutes

Presenter: Daniel Treasure

Opening Hook

"Databases are the backbone of enterprise systems, but exposing raw database access to AI is risky. Today, we're using MCP to create secure, read-only database connections that let Claude analyze schema and generate migrations—without ever risking your data."

Key Talking Points

What to say:

  • "The challenge: developers need Claude to understand schema, generate migrations, analyze query performance—but you can't just hand over database credentials."
  • "The solution: MCP database adapters create a secure interface with scoped permissions."
  • "We'll show PostgreSQL first (most common), then MySQL. The pattern is identical."
  • "Key security principle: read-only roles for analysis, restricted write access for migrations only."

What to show on screen:

  • Anthropic MCP GitHub repository (database adapters section)
  • Live psql/mysql client showing database structure
  • Database user roles configured with minimal privileges
  • Migration generation workflow in Claude

Demo Plan

[00:00 - 00:30] Setup & Connection 1. Show claude mcp add command for PostgreSQL adapter 2. Display connection string format: postgresql://user:pass@host/db 3. Highlight restricted credentials in .env or secrets manager (don't type live password)

[00:30 - 01:45] Read-Only Queries & Schema Analysis 1. Open Claude Code with PostgreSQL MCP connected 2. Ask Claude: "Analyze the users table schema and suggest indexes" 3. Let Claude execute MCP read operations 4. Show returned schema metadata 5. Live demo: Claude generates SQL analysis based on schema

[01:45 - 03:00] Migration Generation 1. Ask Claude: "Generate a migration to add an updated_at timestamp to users table" 2. Show Claude writing migration file with proper naming 3. Demonstrate: Claude suggests best practices (NOT NULL, DEFAULT CURRENT_TIMESTAMP) 4. Show how migrations are written but NOT auto-executed

[03:00 - 03:30] Security Review 1. Discuss database user roles in .env example 2. Show read-only role vs. migration role separation 3. Emphasize: production databases use different credentials per environment

Code Examples & Commands

# Add PostgreSQL MCP adapter
claude mcp add --transport stdio postgres \
  -- npx -y @anthropic/mcp-postgres \
  --connection-string "postgresql://readonly_user:pass@db.example.com/production"

# Add MySQL MCP adapter
claude mcp add --transport stdio mysql \
  -- npx -y @anthropic/mcp-mysql \
  --connection-string "mysql://readonly_user:pass@db.example.com/production"

Database user setup (PostgreSQL):

-- Create read-only role for analysis
CREATE ROLE claude_readonly WITH LOGIN PASSWORD 'secure_password';
GRANT CONNECT ON DATABASE production TO claude_readonly;
GRANT USAGE ON SCHEMA public TO claude_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO claude_readonly;

-- Separate migration role (restricted write)
CREATE ROLE claude_migrations WITH LOGIN PASSWORD 'different_password';
GRANT EXECUTE ON FUNCTION run_migrations TO claude_migrations;

Example prompt:

Analyze the current schema for the "orders" table and suggest:
1. Missing indexes for common queries
2. Denormalization opportunities
3. A migration to add an "order_status_updated_at" column

Gotchas & Tips

Gotcha 1: Credentials in Command Line - Never paste production passwords in shell history - Use environment variables or .env files - In demo: use test/staging credentials only

Gotcha 2: Scoped Access Not Enforced by Claude - MCP adapter must enforce permissions at database level - Claude can't "accidentally" write data if database user lacks permission - Always verify database role before connecting

Gotcha 3: Large Schema Analysis - If you have 100+ tables, Claude may struggle - Solution: Narrow MCP scope to specific schemas/tables - Show how to filter in MCP adapter config

Tip 1: Schema Documentation - Claude generates excellent migration comments if given table context - Example: "This table tracks customer orders since 2020. Add a 'metadata' column."

Tip 2: Migration Safety - Always have Claude generate, not execute - Review migrations before running in production - Use MCP for read-only analysis of existing migrations

Tip 3: Performance Queries - Ask Claude: "Show me the most expensive queries on this schema" - Claude analyzes table sizes and indexes to suggest optimizations

Lead-out

"You've now seen how to safely connect Claude to your database layer using MCP. Read-only access for analysis, restricted write for migrations. In the next video, we'll pivot to error monitoring—connecting Claude to Sentry to debug production failures in real time."

Reference URLs

  • Anthropic MCP PostgreSQL Adapter: https://github.com/anthropics/mcp-servers/tree/main/src/postgres
  • Anthropic MCP MySQL Adapter: https://github.com/anthropics/mcp-servers/tree/main/src/mysql
  • PostgreSQL Role Documentation: https://www.postgresql.org/docs/current/database-roles.html
  • MySQL User Privileges: https://dev.mysql.com/doc/refman/8.0/en/user-account-management.html

Prep Reading

  • Review the MCP adapter source code for your database (5 min)
  • Set up test database with sample schema (10 min)
  • Create read-only user role and test permissions (10 min)

Notes for Daniel

  • Tone: Emphasize security as the primary motivation—this isn't just about convenience, it's about responsible AI access to critical systems.
  • Live demo focus: The magic is watching Claude understand schema and generate migrations without touching the actual database. Make that moment clear.
  • Common question: "Can Claude modify the schema?" Answer: Only if you give the database role that permission—which you shouldn't for analysis-only use cases.
  • Staging vs. production: If time allows, mention using a staging database for demos (safer for live screen).
  • Connection timeout: If demo lags, have a pre-recorded fallback showing the output (MCP connections can be slow over network).