Frequently Asked Questions

Can I run DROP DATABASE?

No. Some operations are always blocked regardless of Safe Mode setting:DROP DATABASE,SHUTDOWN, and filesystem operations. Use your database's native CLI for these.

How are my database passwords stored?

Database passwords and SSH keys are encrypted with AES-256-GCM using a key derived from yourSESSION_SECRET. They're only decrypted in memory during active connections. If someone steals your connections.json file, they cannot read the passwords without the secret.

Do I need an AI API key?

No. The AI assistant is optional. QueryGlow works perfectly without it. If you want AI-powered query generation, add one of these to your .env:OPENAI_API_KEY,ANTHROPIC_API_KEY, orGOOGLE_API_KEY.

Does the AI see my data?

No row data is ever sent. Only your schema metadata (table names, column names) is sent to generate queries. Your actual data never leaves your server.

Why am I getting rate limited?

QueryGlow limits AI requests to 30 per minute to prevent API cost abuse. This is separate from your AI provider's own rate limits.

Which databases are supported?

QueryGlow supports six database types:

• PostgreSQL — Including cloud providers (Supabase, Neon, RDS)
• MySQL — 5.7+ and 8.x
• MariaDB — Full compatibility
• SQLite — File-based databases (path restricted to /app/data)
• CockroachDB — PostgreSQL-compatible distributed SQL
• TimescaleDB — PostgreSQL with time-series extensions

Does it support multiple users?

QueryGlow uses Basic Auth with a single set of credentials (configured via deploy.sh). Anyone with the password can access it—there's no per-user login system. For team access, share the credentials or use network-level security (VPN/Tailscale) instead.

Where is data stored?

All application state is stored in JSON files at /app/data:

• connections.json — Encrypted database credentials
• saved-queries.json — Saved SQL snippets (per-connection)
• query-history.json — Last 1,000 queries per connection

This directory is mounted as a Docker volume (queryglow-data) and persists across container restarts.

Does it work on Mac M1/M2/M3 (ARM)?

Yes. The Docker image supports both linux/amd64 and linux/arm64. You can build and run it natively on Apple Silicon without emulation.

How do I connect to a database on the same server?

Use localhost or 127.0.0.1 as the host. Production deployments use network_mode: host, so the container shares your server's network—no special Docker hostname needed.

How do updates work?

cd queryglow
git pull
./deploy.sh  # Rebuilds and restarts automatically

Is there a license key?

No. QueryGlow does not use DRM or license keys. Once you have the code, it runs forever without "phoning home" to validate anything. Your license is simply your access to the source code.

Can I modify the code?

Yes. You can modify QueryGlow freely for your own use—add features, change the UI, or integrate it into your tools. You cannot redistribute or resell the code.

Connection failed: timeout

The database port is not reachable. Check that your database is running and listening on the correct interface. For databases on the same server, use localhost. For remote databases, consider using an SSH tunnel.

Lost all my connections after update

Your SESSION_SECRET changed or was lost. This key encrypts stored passwords (AES-256-GCM). If it changes, existing encrypted data becomes unreadable. Restore your original .env from backup, or re-create your connections with the new secret.

CockroachDB won't connect

CockroachDB may have IPv6 resolution issues. Try using 127.0.0.1 instead oflocalhost as the host.