Most database clients are designed for solo developers. FutrixData is built so a team can answer two questions at any time: "who ran what" and "who saw which data." Same policy applies to engineers in the desktop app and to AI agents calling over MCP.
For a team that has to answer to a privacy regulator, a security engineer, or an internal review, "secure database client" comes down to four properties:
audit verify CLI detects modified, deleted, inserted, or reordered rows in the chain. Local verification only — see limitations for what it does not detect.FutrixData ships all four out of the box.
| Concern | Mechanism |
|---|---|
| Credential exposure | Connection strings live on the FutrixData host. Engineers and agents authenticate; they never see the raw credentials. |
| PII on screen / in prompts | L1–L5 sensitivity classification + secret-backed deterministic HMAC masking applied on the agent result path. Console returns raw rows for authorized humans. |
| Destructive queries | Per-database rule sets — DELETE/UPDATE without WHERE, DROP, TRUNCATE, FLUSHALL, dropDatabase, _delete_by_query, etc. |
| Wide queries | Pre-flight EXPLAIN on SQL/Mongo/D1 escalates risk on full scans, missing indexes, deep pagination. |
| Per-identity access | Per-user keys, per-agent keys; revocation is instant and preserves audit history. |
| Audit | Every call records identity, source, target, statement, outcome, and the matched rule. |
FutrixData is not a certification — your organization still owns its SOC 2, ISO 27001, GDPR, or HIPAA program — but the gateway gives you concrete artifacts most database clients don't produce:
See trust for the data-path map and capability state, and limitations for what the gateway is not.
The desktop Console (humans) and MCP / Skill / CLI calls (AI agents) hit the same gateway, the same query guardrails, and the same local hash-chained audit log. The one place behavior differs by design is masking:
You can tighten or relax masking per data source. There is no separate "AI mode" with weaker guardrails — masking is the only place where the human and agent paths diverge, and it diverges in the safer direction.
For ad-hoc queries, schema browsing, and team-wide query access on supported databases — yes. If you depend on advanced GUI tooling like ER diagram authoring or vendor-specific server admin GUIs, you may keep an existing client alongside FutrixData.
Currently MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, ChromaDB, DynamoDB, and Cloudflare D1.
On the FutrixData host — the desktop machine for solo use, or the gateway server for team / Enterprise deployments. They are not stored in shared config files, in agent prompts, or in third-party LLM context.
Within the local-only scope, yes. The local audit log is hash-chained, and the built-in futrixdata-cli audit verify --json command detects modified, deleted, inserted, or reordered records inside the chain. Local hash-chain verification detects edits to the existing log; external anchoring or immutable storage is required for stronger protection against full local log rewrite. See limitations.
Yes. FutrixData Enterprise Edition is a Docker image (Compose or Kubernetes) you run inside your VPC. No database credentials or query bodies leave your perimeter. See self-hosted gateway.
The default classification spans L1 (public) through L5 (credentials / payment / high-sensitivity personal data). On the agent result path (MCP / Skill / CLI), L4 / L5 fields are replaced with stable secret-backed pseudonymous hashes before the row leaves the gateway, so analysts and agents see consistent hashes without ever seeing raw values. The HMAC key is derived from a local secret stored in OS-level secret storage. The desktop Console preserves raw values for authorized humans by default. The level names, descriptions, example fields, and per-agent accessible range are all customizable — including defining additional levels beyond the default L1–L5. See PII masking and masking limitations.
It can, on the AI Chat / schema-knowledge / ER-assistance paths. Schema metadata may include table names, column names, types, indexes, and comments — a separate data path from query result rows. Result masking does not automatically cover schema metadata. The desktop app exposes a per-data-source toggle for schema-to-LLM transmission, and each transmission is recorded as its own audit event. See trust for the full data-path map.
Free desktop app on macOS, Windows, and Linux. Self-hosted Enterprise Edition for production deployments.