Cintu07/aegis

Aegis

A PostgreSQL wire-protocol proxy for production deployments.

Aegis intercepts traffic between your application and PostgreSQL to provide query inspection, rewriting, routing, rate limiting, and policy enforcement at the protocol level. No application code changes required.

Installation

Docker

docker run -p 5434:5434 -p 9090:9090 pawan126/aegis

Binary

Download from GitHub Releases

Go

go install github.com/Cintu07/aegis@latest

Features

  • Query logging and inspection
  • YAML-based policy engine (block, allow, rewrite queries)
  • Per-client rate limiting
  • Read/write routing (primary/replica)
  • TLS termination with auto-generated certificates
  • Connection pooling
  • Hot policy reload without restart
  • Prometheus metrics endpoint

Quick Start

# Start Aegis
./aegis

# Connect through proxy
psql -h 127.0.0.1 -p 5434 -U postgres

Configuration

All configuration is via environment variables.

Variable            Default            Description
AEGIS_LISTEN        :5434              Proxy listen address
AEGIS_PRIMARY       localhost:5432     Primary PostgreSQL
AEGIS_REPLICA       localhost:5433     Replica PostgreSQL
AEGIS_POLICY        aegis-policy.yaml  Policy file path
AEGIS_RATE_LIMIT    10                 Queries per second per client
AEGIS_RATE_BURST    20                 Burst size
AEGIS_TLS_CERT      -                  TLS certificate path
AEGIS_TLS_KEY       -                  TLS key path
AEGIS_POOL_SIZE     10                 Connection pool size
AEGIS_POOL_ENABLED  true               Enable connection pooling
AEGIS_METRICS_PORT  9090               Prometheus metrics port
AEGIS_MODE          normal             Set to "passthrough" to disable all features

Policy Engine

Define rules in YAML:

version: 1
default_action: allow

rules:
  - name: block_delete
    match: "DELETE"
    action: deny
    message: "DELETE operations are blocked"

  - name: limit_selects
    match: "SELECT"
    action: rewrite
    add_limit: 100

Policy reloads automatically when the file changes.
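
A dry-run model for checking what a policy like the one above decides for a set of statements before relying on it. This is an added example, not Aegis code: the README does not say how `match` is evaluated, so `Decide`, `ReadmePolicy` and both matching modes (pattern anywhere in the text vs. at the start of the statement, case-insensitive, first matching rule wins) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors one entry under `rules:` in the README's policy example.
type Rule struct{ Name, Match, Action string }

type Policy struct {
	DefaultAction string
	Rules         []Rule
}

// Decide returns the action and the rule that produced it.
// ASSUMPTION (not from the README): first match wins, case-insensitive.
// prefix=true tests the start of the statement; false tests anywhere in it.
func (p Policy) Decide(sql string, prefix bool) (action, rule string) {
	s := strings.ToUpper(strings.TrimSpace(sql))
	for _, r := range p.Rules {
		m := strings.ToUpper(r.Match)
		if (prefix && strings.HasPrefix(s, m)) || (!prefix && strings.Contains(s, m)) {
			return r.Action, r.Name
		}
	}
	return p.DefaultAction, "(default)"
}

// ReadmePolicy is the two-rule policy shown above, with default_action: allow.
func ReadmePolicy() Policy {
	return Policy{"allow", []Rule{
		{"block_delete", "DELETE", "deny"},
		{"limit_selects", "SELECT", "rewrite"},
	}}
}

func main() {
	corpus := []string{ // constructed sample statements, not captured traffic
		"DELETE FROM orders WHERE id = 1",
		"select id from users where deleted_at is null",
		"TRUNCATE orders",
	}
	for _, q := range corpus {
		sa, sr := ReadmePolicy().Decide(q, false)
		pa, pr := ReadmePolicy().Decide(q, true)
		fmt.Printf("%-46s anywhere=%s/%s prefix=%s/%s\n", q, sa, sr, pa, pr)
	}
}
```

Under either assumed mode, TRUNCATE falls through to default_action: allow, and under anywhere-matching the SELECT that mentions deleted_at is denied by block_delete. Confirm the real matching behaviour against a running Aegis instance before treating a rule set as complete.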

Metrics

Available at http://localhost:9090/metrics

  • aegis_connections_total
  • aegis_queries_total
  • aegis_queries_blocked
  • aegis_queries_throttled
  • aegis_queries_rewritten
  • aegis_route_primary_total
  • aegis_route_replica_total
  • aegis_pool_hits_total
  • aegis_pool_misses_total
  • aegis_tls_connections_total

Architecture

Application --> Aegis:5434 --> PostgreSQL Primary:5432
                    |
                    +-------> PostgreSQL Replica:5433

Requirements

  • Go 1.23+ (for building from source)
  • PostgreSQL 12+

License

MIT
