Postgres connections now work through Sandbox firewall

Published: April 30, 2026 at 10:00 PM EDT
Source: Vercel Blog

May 1, 2026

Vercel Sandbox can now connect to hosted Postgres databases, including Neon, Supabase, AWS RDS, Nile, and Prisma Postgres. To enable a connection, add the database host to your Sandbox’s allowed domains.

Background

When SNI‑based filtering is used with Vercel Sandbox, the sandbox firewall restricts outbound network access by checking the domain name during a connection’s TLS handshake. This works seamlessly for HTTPS traffic, where the domain is visible at the start of the connection.

Postgres, however, negotiates TLS differently. A Postgres client first opens a plain TCP connection and then upgrades to TLS. Because the domain isn’t available when the firewall first needs it, Postgres connections through a standard domain‑restricted Sandbox would fail.

What changed

The Sandbox firewall now adjusts for the Postgres TLS negotiation flow. It detects the protocol’s startup sequence, waits for the TLS upgrade, and then applies your domain policy before forwarding the connection to the database. No changes are needed to your code or database configuration.
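The startup sequence described above can be modelled in a few functions. This is an added example, not Vercel's implementation: the function names, the `deny:`/`allow:` result strings and the host `db.example.com` are hypothetical, and the sample bytes are constructed. It classifies the client's first message using the PostgreSQL wire-protocol request codes, then reads the SNI from the TLS ClientHello that follows an SSLRequest and checks it against an allowlist; a GSSENCRequest is simply reported as denied.

```typescript
// Added example (not Vercel's code): model of a Postgres-aware SNI filter.
const SSL_REQUEST = 80877103;    // PostgreSQL SSLRequest code (1234 << 16 | 5679)
const GSSENC_REQUEST = 80877104; // PostgreSQL GSSENCRequest code (1234 << 16 | 5680)
function classifyFirstMessage(buf: Uint8Array): string {
  if (buf.length < 8) return 'unknown';
  const v = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const len = v.getUint32(0), code = v.getUint32(4);
  if (len === 8 && code === SSL_REQUEST) return 'ssl-request';
  if (len === 8 && code === GSSENC_REQUEST) return 'gssenc-request';
  return code >>> 16 === 3 ? 'plaintext-startup' : 'unknown'; // 3.x StartupMessage
}

// Returns the server_name from a TLS ClientHello record, or null if absent/truncated.
function extractSni(rec: Uint8Array): string | null {
  const v = new DataView(rec.buffer, rec.byteOffset, rec.byteLength);
  try {
    if (v.getUint8(0) !== 0x16 || v.getUint8(5) !== 0x01) return null;
    let p = 5 + 4 + 2 + 32;        // record header, handshake header, version, random
    p += 1 + v.getUint8(p);        // session id
    p += 2 + v.getUint16(p);       // cipher suites
    p += 1 + v.getUint8(p);        // compression methods
    const end = p + 2 + v.getUint16(p);
    for (p += 2; p + 4 <= end; p += 4 + v.getUint16(p + 2)) {
      if (v.getUint16(p) !== 0) continue;            // not the server_name extension
      const n = v.getUint16(p + 7), name = rec.subarray(p + 9, p + 9 + n);
      if (name.length !== n) return null;            // name runs past the buffer
      return Array.from(name, (c) => String.fromCharCode(c)).join('').toLowerCase();
    }
  } catch { /* DataView throws RangeError on truncated input */ }
  return null;
}

// Policy: only a TLS upgrade whose SNI is on the allowlist is forwarded.
function decide(first: Uint8Array, hello: Uint8Array | null, allow: string[]): string {
  const kind = classifyFirstMessage(first);
  if (kind !== 'ssl-request') return `deny:${kind}`;
  const sni = hello ? extractSni(hello) : null;
  return sni !== null && allow.indexOf(sni) >= 0 ? `allow:${sni}` : 'deny:sni';
}

// Constructed samples: an SSLRequest and a minimal ClientHello carrying only SNI.
const SAMPLE_SSL_REQUEST = Uint8Array.from([0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f]);
function sampleClientHello(host: string): Uint8Array {
  const n = Array.from(host, (c) => c.charCodeAt(0));
  const ext = [0, 0, 0, n.length + 5, 0, n.length + 3, 0, 0, n.length, ...n];
  const body = [3, 3, ...new Array(32).fill(0), 0, 0, 2, 0x13, 0x01, 1, 0, 0, ext.length, ...ext];
  return Uint8Array.from([0x16, 3, 1, 0, body.length + 4, 1, 0, 0, body.length, ...body]);
}
console.log(decide(SAMPLE_SSL_REQUEST, sampleClientHello('db.example.com'), ['db.example.com']));
```
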

Connecting to a hosted database

Here’s a full example: create a Sandbox, install a Postgres client, lock down the network to only the database host, and run a query.

import { Sandbox } from '@vercel/sandbox';

const { PGHOST, PGUSER, PGPASSWORD, PGDATABASE } = process.env;

const connectionString = `postgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:5432/${PGDATABASE}?sslmode=require`;

// Start with unrestricted network access to install dependencies.
const sandbox = await Sandbox.create();

await sandbox.runCommand({
  cmd: 'sudo',
  args: ['dnf', 'install', '-y', 'postgresql15'],
});

// Lock the sandbox down to only the database host before running untrusted code.
await sandbox.updateNetworkPolicy({
  allowDomains: [PGHOST!],
});

const result = await sandbox.runCommand({
  cmd: 'psql',
  args: [connectionString, '-c', 'SELECT now();'],
});

console.log(await result.stdout());

Important to know

  • TLS is required: Domain‑based rules rely on the hostname being visible during the TLS handshake, so clients must connect with sslmode=require or higher. If your database doesn’t support TLS, you can allow it by IP range instead. Most managed Postgres providers require TLS by default.
  • GSSAPI encryption is not supported: Clients using gssencmode=prefer will fall back to TLS automatically; gssencmode=require will not connect.
  • No silent downgrades: If a client uses sslmode=prefer and the database doesn’t support TLS, the connection will fail rather than silently falling back to plain‑text.

Learn more about the Sandbox firewall.
