Agentic Data Plane
beta

SQL Managed MCP Server

The SQL managed MCP server gives agents read and write access to a SQL database through MCP. Redpanda runs the server in-process; you provide a connection string. Guardrails can restrict it to read-only.

After reading this page, you will be able to:

  • Configure the SQL managed MCP server for your database

  • Run a canonical SELECT query through the Inspector

  • Pick the right driver and connection-string pattern for your database

What this MCP server does

Redpanda’s SQL managed type proxies SQL statements to one of these database engines:

  • PostgreSQL (postgres or pgx)

  • MySQL / MariaDB

  • ClickHouse

  • Microsoft SQL Server (mssql)

  • SQLite (sqlite3)

It exposes the following tools:

  • query: Run a read-only SELECT and return rows. Accepts positional parameters and an optional max-rows cap.

  • execute: Run a write statement (INSERT, UPDATE, DELETE, or DDL) and return the affected row count.

Guardrails on the server config can restrict it: set readonly to disable execute, cap returned rows, restrict allowed schemas, block statement patterns, and set a per-query timeout.

Prerequisites

  • A SQL database reachable from the Agentic Data Plane.

  • A connection string (DSN) for the database, including the credentials. The DSN is stored as a sensitive value.

Configure

  1. Open MCP Servers > Create Server.

  2. Pick SQL from the marketplace picker.

  3. Fill in the identity fields (name, description).

  4. In the SQL configuration form, provide:

    • Driver: One of postgres, pgx, mysql, clickhouse, mssql, or sqlite3.

    • DSN: The driver-specific connection string, including credentials. Stored as a sensitive value.

    • Connection pool (optional): Maximum open and idle connections, and connection lifetimes.

    • Guardrails (optional): readonly (disables execute), default and maximum row caps, a per-query timeout, allowed schemas, and blocked statement patterns.

  5. Click Create.

Test

After create, exercise the server through the Inspector tab. See Test an MCP Server’s Tools with the Inspector.

A canonical first call:

  1. Open the Inspector tab.

  2. In Tools, select the query tool.

  3. Run SELECT 1 (or your driver’s equivalent). Confirm a single-row response.

  4. To list tables, run query against the catalog, for example SELECT table_name FROM information_schema.tables on PostgreSQL or MySQL.

Authentication

The SQL managed type has no MCP-level authentication modes. Credentials are carried inside the DSN (connection string), which is stored as a sensitive value. Supply them the way your driver expects, for example postgres://user:password@host:5432/dbname.

User-delegated OAuth and service-account OAuth are not supported for SQL: there’s no per-user identity model that maps to a database connection.

Use with agents

Once the SQL server is created, point an agent at the API URL on the server’s detail page. The agent sees the SQL tools alongside any other MCP servers it has access to.

Troubleshooting

Symptom What to check

connection refused from create

Database isn’t reachable from ADP. Confirm host, port, and any egress / firewall rules.

authentication failed for user

Password reference points at the wrong secret, or the secret content is wrong. Re-create the secret with UPPER_SNAKE_CASE and verify it.

Query timeout

Long-running queries exceed the configured timeout. Either tighten the query or raise the timeout on the server config.

Tools list returns empty

The driver couldn’t introspect the schema. Verify the user has read access to information_schema (Postgres/MySQL) or the equivalent.

Limitations

  • Write access: The execute tool runs writes and DDL unless readonly is set in the guardrails. Scope the database user’s permissions accordingly.

  • Per-user database identities: See Authentication.