Question
How to restrict connections to a managed database
- Posted on April 28, 2025
- Managed DatabasesDatabaseAI/ML
Asked by setec
How do I restrict connections to only the sources required for a knowledgebase and agent?
The only options I see in the dropdown are my current public IP and totally unrelated droplets. I’m asking because it says “all other public and private connections will be denied.” Some connection must be needed to run the agent but that is not running from any of the droplets displayed and definitely from my local computer.
"Trusted sources
To restrict connections to trusted sources, add at least one inbound source below. When you do, all other public and private connections will be denied.Why is this so important?"
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Get our newsletter
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hey @setec,
I’ve been following your questions around the GenAI platform, really appreciate how thoroughly you’re digging into things and sharing your findings. Not 100% sure but I think the trusted sources list is mostly geared toward letting you explicitly allow known IPs, like your own or certain Droplets.
For Agents and Knowledgebases though, I think the actual backend services that run them aren’t shown in that list, they probably connect through some internal infrastructure that isn’t exposed as a selectable source. That part’s a bit unclear, and yeah, the warning makes it sound like locking things down could break something if you’re not sure which IPs are needed.
I’ve shared your feedback internally, since this kind of confusion is exactly the stuff that’s helpful to surface early.
Thanks again for taking the time to post these!
- Bobby