Drift Scanner

Environments

An environment is one PostgreSQL database Drift Scanner monitors. This page covers JDBC URL rules, the minimum permissions we need, and what we capture in each snapshot.

An environment represents one PostgreSQL database that Drift Scanner watches on your behalf. You can register many environments — one per database you want to track drift on, typically one per deploy target (production, staging, analytics replica, and so on).

JDBC URL format

The URL must begin with jdbc:postgresql:// and include a host, port, and database name:

jdbc:postgresql://<host>:<port>/<database>[?param=value&...]

Examples:

jdbc:postgresql://prod-db.example.com:5432/myapp
jdbc:postgresql://db.internal.example.net:5432/app?sslmode=require

The URL is validated at registration and again on every scan.

Allowed hosts

Scans run from Drift Scanner's own infrastructure, so to keep the scanner from being pointed at internal services (server-side request forgery), the host portion cannot resolve to any of the following:

  • Loopback (127.0.0.0/8, ::1)
  • Private IPv4 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Link-local (169.254.0.0/16 — also includes AWS, GCP, and Azure metadata endpoints)
  • Carrier-grade NAT (100.64.0.0/10)
  • IPv6 link-local (fe80::/10) and unique-local (fc00::/7)
  • Multicast and unspecified addresses (0.0.0.0, ::)

If your database is on a private network, expose it to Drift Scanner through a public endpoint (with TLS and IP allowlisting) or wait for the bring-your-own-agent mode on the roadmap.
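A pre-registration check that applies both rules above (the jdbc:postgresql:// format and the blocked address ranges), added here as an example and not Drift Scanner's own validator; it assumes a resolver that returns every A/AAAA answer for the host, and goes one step beyond the page's list by also unwrapping IPv4-mapped IPv6 literals before matching.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

PREFIX = "jdbc:postgresql://"
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",                         # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private IPv4
    "169.254.0.0/16",                                 # link-local (cloud metadata lives here)
    "100.64.0.0/10",                                  # carrier-grade NAT
    "fe80::/10", "fc00::/7",                          # IPv6 link-local / unique-local
    "224.0.0.0/4", "ff00::/8",                        # multicast
    "0.0.0.0/32", "::/128",                           # unspecified
)]

def is_blocked_address(ip: str) -> bool:
    """True if a literal address falls inside a blocked range."""
    addr = ipaddress.ip_address(ip)
    # Assumption beyond the page: an IPv4-mapped IPv6 literal (::ffff:10.0.0.1)
    # is checked as its IPv4 form, so the IPv4 ranges cannot be sidestepped.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_RANGES)

def default_resolver(host: str) -> list[str]:
    """Every A/AAAA answer for a hostname; a literal IP resolves to itself."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def validate_jdbc_url(url: str, resolver=default_resolver) -> list[str]:
    """Return the problems found (every resolved address is checked); empty means acceptable."""
    if not url.startswith(PREFIX):
        return [f"URL must begin with {PREFIX}"]
    parts = urlsplit(url[len("jdbc:"):])  # leaves postgresql://host:port/db?...
    host, database = parts.hostname, parts.path.lstrip("/")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    problems = [msg for ok, msg in ((host, "missing host"), (port, "missing or invalid port"),
                                    (database, "missing database name")) if not ok]
    if host:
        try:
            addresses = resolver(host)
        except OSError:  # DNS failure: treat as unresolvable
            addresses = []
        if not addresses:
            problems.append(f"host {host} does not resolve")
        problems.extend(f"host {host} resolves to blocked address {ip}"
                        for ip in addresses if is_blocked_address(ip))
    return problems
```

Run it against your URL before registering; any non-empty result is what registration would reject.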

Database user permissions

Drift Scanner only reads from pg_catalog. A read-only role with the minimum permissions below is enough:

-- Dedicated login for the scanner; replace the placeholder with a strong password.
CREATE USER arcnull_scanner WITH PASSWORD '<strong-password>';
-- Lets the scanner open sessions against the monitored database.
GRANT CONNECT ON DATABASE myapp TO arcnull_scanner;
-- Catalog access (pg_catalog is readable by every role by default; the grant makes it explicit).
GRANT USAGE ON SCHEMA pg_catalog TO arcnull_scanner;

We do not need DDL rights and never issue schema modifications. Your credentials are encrypted at rest using AES-256-GCM before persistence.

What gets captured

Each snapshot includes:

  • Tables — name, schema, kind
  • Columns — name, type, default, nullability, ordinal position
  • Indexes — name, columns, unique flag, method
  • Constraints — primary keys, foreign keys, unique, check
  • Sequences — name, start, increment
  • Views — name, definition
  • Functions — name, argument types, return type, language

Snapshots include counts of tables, columns, and indexes at the top level for quick at-a-glance reporting.

What is not captured

We intentionally ignore:

  • Table data. We only read metadata from pg_catalog.
  • User and role grants. On the roadmap.
  • Extensions. On the roadmap.

Tier caps

Tier              Max environments
Free              2
Pro               10
Growth / Scale    Unlimited

If you hit the cap, the API returns a 400 with a plan-limit message. Upgrade from the dashboard or deactivate an environment you no longer need.

Cron schedule

Each environment has its own cron expression. The default is hourly (0 0 * * * *). You can set anything that matches Spring's six-field cron format (seconds first); for example, 0 */15 * * * * runs every fifteen minutes. Tier-based rate limits still apply.

Deactivating an environment

Deactivating keeps history intact but stops future scans. It does not delete the environment. You can reactivate later from the dashboard.