Skip to main content
DBHub supports three configuration methods with the following priority order:
  1. Command-line arguments (highest priority)
  2. TOML configuration file (if --config is provided or ./dbhub.toml exists)
  3. Environment variables
  4. .env files (.env.local in development, .env in production)
This page covers command-line flags and environment variables. For TOML configuration, see TOML Configuration. Command-line flags are passed when starting DBHub. These have the highest priority and override all other configuration methods.

—transport

--transport
string
default:"stdio"
Transport protocol for MCP communication.Options:
  • stdio - For desktop tools (Claude Desktop, Claude Code, Cursor). Pure MCP-over-stdio with no HTTP server.
  • http - For browser and network clients. Starts HTTP server with MCP endpoint, admin console, and API.
Featurestdiohttp
MCP communicationstdin/stdoutHTTP POST /mcp
Admin consolehttp://host:port/
Health check/healthz
API/api/xxx
Multiple instances✅ No port conflictsRequires different ports
# stdio (default) - for Claude Desktop, Claude Code, Cursor
# No HTTP server started
npx @bytebase/dbhub@latest --transport stdio --dsn "..."

# http - for web clients, admin console, and remote access
npx @bytebase/dbhub@latest --transport http --port 8080 --dsn "..."

—port

--port
number
default:"8080"
HTTP server port. Only used when --transport=http. Ignored for stdio transport.
npx @bytebase/dbhub@latest --transport http --port 3000 --dsn "..."

—dsn

--dsn
string
Database connection string (Data Source Name). Format: database_type://username:password@host:port/database_name?options
# Format: postgres://[user]:[password]@[host]:[port]/[database]?[options]
postgres://myuser:mypassword@localhost:5432/mydb
DSN Query Parameters:
ParameterDatabasesDescriptionExample
sslmodePostgreSQL, MySQL, MariaDB, SQL ServerSSL mode: disable, require?sslmode=require
instanceNameSQL ServerNamed instance?instanceName=SQLEXPRESS
authenticationSQL ServerAuth method: ntlm, azure-active-directory-access-token?authentication=ntlm
domainSQL ServerWindows domain (with authentication=ntlm)?domain=CORP
SSL/TLS Options:
Databasesslmode=disablesslmode=requireDefault
PostgreSQLCertificate verification
MySQLCertificate verification
MariaDBCertificate verification
SQL ServerCertificate verification
SQLiteN/A (file-based)
  • sslmode=disable: All SSL/TLS encryption is turned off. Data is transmitted in plaintext.
  • sslmode=require: Connection is encrypted, but the server’s certificate is not verified.
# Examples
postgres://user:password@localhost:5432/dbname?sslmode=disable
postgres://user:password@localhost:5432/dbname?sslmode=require
sqlserver://jsmith:secret@localhost:1433/mydb?authentication=ntlm&domain=CORP
Environment Variables (Alternative to —dsn)
DB_*
environment
Recommended for databases with complex passwords containing special characters:
VariableTypeDescription
DB_TYPEstringDatabase type: postgres, mysql, mariadb, sqlserver, sqlite
DB_HOSTstringDatabase server hostname (not needed for SQLite)
DB_PORTnumberDatabase server port. Default: PostgreSQL (5432), MySQL/MariaDB (3306), SQL Server (1433)
DB_USERstringDatabase username (not needed for SQLite)
DB_PASSWORDstringDatabase password (not needed for SQLite). Supports special characters without URL encoding.
DB_NAMEstringDatabase name or SQLite file path
export DB_TYPE=postgres
export DB_HOST=localhost
export DB_PORT=5432
export DB_USER=myuser
export DB_PASSWORD='p@ss:word#123'
export DB_NAME=mydb
npx @bytebase/dbhub@latest

—id

--id
string
Instance identifier to suffix tool names. Useful when running multiple DBHub instances (e.g., in Cursor).Tools will be named execute_sql_{id} for each instance.
npx @bytebase/dbhub@latest --id prod --dsn "postgres://user:pass@prod-host:5432/db"
npx @bytebase/dbhub@latest --id staging --dsn "postgres://user:pass@staging-host:5432/db"
Result: execute_sql_prod and execute_sql_staging tools
Cannot be used with --config (TOML configuration). TOML config defines source IDs directly in the configuration file. Use command-line DSN configuration instead if you need the --id flag.

—demo

--demo
boolean
default:"false"
Run DBHub with a bundled SQLite sample “employee” database for testing.
npx @bytebase/dbhub@latest --demo --transport http --port 8080

—config

--config
string
default:"./dbhub.toml"
Path to TOML configuration file for managing multiple database connections and advanced configurations.Automatically loads ./dbhub.toml if it exists in the current directory.
npx @bytebase/dbhub@latest --config ./dbhub.toml --transport http --port 8080
See TOML Configuration for complete configuration reference including source options, tool options, SSH tunnels, and custom tools.
--config (TOML) is mutually exclusive with:
  • --dsn - TOML configuration defines database connections directly
  • --id - TOML configuration defines source IDs directly in the file
If using TOML config, remove these flags. If you need --id or --dsn, use command-line/environment configuration instead.

SSH Tunnel Options

SSH tunnel configuration for connecting to databases through bastion/jump hosts.
OptionEnvTypeDescription
--ssh-hostSSH_HOSTstringSSH server hostname or alias from ~/.ssh/config
--ssh-portSSH_PORTnumberSSH server port (default: 22)
--ssh-userSSH_USERstringSSH username
--ssh-passwordSSH_PASSWORDstringSSH password (for password auth)
--ssh-keySSH_KEYstringPath to SSH private key file. Auto-detects ~/.ssh/id_rsa, ~/.ssh/id_ed25519, etc. if not specified
--ssh-passphraseSSH_PASSPHRASEstringPassphrase for encrypted SSH key
--ssh-proxy-jumpSSH_PROXY_JUMPstringProxyJump hosts for multi-hop SSH. Format: [user@]host[:port] (comma-separated for chains)
Examples: 
# Password auth
npx @bytebase/dbhub@latest --dsn "..." \
  --ssh-host bastion.example.com --ssh-user ubuntu --ssh-password mypassword

# Key-based auth
npx @bytebase/dbhub@latest --dsn "..." \
  --ssh-host bastion.example.com --ssh-user ubuntu --ssh-key ~/.ssh/id_rsa

# ProxyJump (single hop)
npx @bytebase/dbhub@latest --dsn "..." \
  --ssh-host target.internal --ssh-proxy-jump bastion.example.com

# ProxyJump (multi-hop: bastion1 → bastion2 → target)
npx @bytebase/dbhub@latest --dsn "..." \
  --ssh-host target.internal --ssh-proxy-jump "bastion1.com,admin@bastion2:2222"
  • ProxyJump is automatically read from ~/.ssh/config when using SSH host aliases
  • ProxyCommand is not supported (requires shell execution). Use ProxyJump instead
  • Path expansion for ~/ is supported in file paths

Quick Reference

CLI OptionEnvTypeDescription
--transportTRANSPORTstringTransport mode: stdio or http (default: stdio)
--portPORTnumberHTTP server port (http transport only, default: 8080)
--demo-booleanUse sample employee database
--idIDstringInstance identifier for tool names
--config-stringPath to TOML config file (default: ./dbhub.toml)
--dsnDSNstringDatabase connection string (required unless using --demo or --config)
-DB_TYPEstringDatabase type
-DB_HOSTstringDatabase hostname
-DB_PORTnumberDatabase port (varies by type)
-DB_USERstringDatabase username
-DB_PASSWORDstringDatabase password
-DB_NAMEstringDatabase name or SQLite file path
--ssh-hostSSH_HOSTstringSSH server hostname
--ssh-portSSH_PORTnumberSSH server port (default: 22)
--ssh-userSSH_USERstringSSH username
--ssh-passwordSSH_PASSWORDstringSSH password
--ssh-keySSH_KEYstringPath to SSH private key
--ssh-passphraseSSH_PASSPHRASEstringSSH key passphrase
--ssh-proxy-jumpSSH_PROXY_JUMPstringProxyJump hosts