# rmBug

> Identity-based database access management for engineers, AI agents, and automation with SSO authentication, time-limited access, and full query audit logging.

rmBug provides identity-based database access management that lets teams know exactly who is connecting to their databases — humans, AI agents, and automation alike. Engineers authenticate via SSO and get time-limited access through the tools they already use, while AI agents and CI/CD pipelines receive their own machine identity, credentials, and access policies. Every connection is named, every query is logged, and the entire system deploys in under 10 minutes without VPN tunnels or firewall changes.

- **Identity for every connection** — *Engineers authenticate via SSO; AI agents and CI/CD pipelines authenticate via API key, each with their own RBAC role and audit trail.*
- **Time-limited access** — *Engineers request access for a defined duration; approvals can be manual, automatic, or always-on for trusted teams.*
- **Machine identity built in** — *Register AI agents, CI/CD pipelines, and automation scripts as org members with their own grants, security settings, and audit trail — not just tagged sessions.*
- **Full query audit logging** — *Session metadata, query text, PII redaction, and policy decisions are all captured in a tamper-evident, searchable audit log.*
- **Query firewall** — *Block dangerous operations before they execute, with rules configurable per resource, role, or environment.*
- **Works with existing tools** — *psql, mysql CLI, TablePlus, DBeaver, and DataGrip all work via a local transparent proxy — no client changes required.*
- **No network changes required** — *Deploy a gateway inside your VPC; engineers connect through rmBug's secure relay without VPN tunnels or bastion hosts.*
- **Compliance-ready** — *Audit trail, access controls, and credential isolation support SOC 2, HIPAA, SOX, and ISO 27001 requirements.*
- **Concurrent agent billing** — *Buy a pool of concurrent connection slots for automation rather than per-agent seats; unlimited agents can be registered.*
- **Credential isolation** — *Database credentials are stored encrypted and injected by the gateway; engineers never see or handle passwords directly.*

## Features
- SSO authentication
- Time-limited access grants
- Machine identity for AI agents and CI/CD
- Full query audit logging
- PII redaction in audit logs
- Query firewall
- Row-level and column-level security
- Data masking
- Approval workflows
- Credential isolation
- AWS Secrets Manager integration
- HashiCorp Vault integration
- SCIM provisioning
- SIEM integrations
- Audit log export (CSV/JSON)
- Slack and Teams notifications
- No VPN required
- Cross-platform CLI agent
- Transparent local proxy

## Integrations
PostgreSQL, MySQL, MariaDB, AWS Secrets Manager, HashiCorp Vault, Slack, Microsoft Teams, SIEM platforms, TablePlus, DBeaver, DataGrip, psql, mysql CLI

## Platforms
WEB, CLI, API

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://rmbug.com
- Documentation: https://rmbug.com/docs
- Repository: https://github.com/rmbug
- EveryDev.ai: https://www.everydev.ai/tools/rmbug