MCP Server to interact with data in YugabyteDB
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"yugabytedb-mcp-docker": {
"args": [
"run",
"--rm",
"-i",
"-e",
"YUGABYTEDB_URL=dbname=yugabyte host=host.docker.internal port=5433 user=yugabyte password=yugabyte load_balance=false",
"mcp/yugabytedb"
],
"command": "docker"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
An MCP server implementation for YugabyteDB that allows LLMs to directly interact with your database.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in data
Query and manage PostgreSQL databases directly from AI assistants
Zero-dependency, token-efficient database MCP server for Postgres, MySQL, SQL Server, MariaDB, SQLite.
🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.
Manage Supabase projects — databases, auth, storage, and edge functions
MCP Security Weekly
Get CVE alerts and security updates for Yugabytedb Mcp Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
An MCP server for YugabyteDB and PostgreSQL — lets LLMs (Claude Desktop, Cursor, Windsurf, etc.) summarize schemas, run read-only queries, and execute write statements behind a configurable guardrail layer.
summarize_database — list tables with columns and row counts for a schema (read-only)run_read_only_query — execute a SELECT under BEGIN READ ONLY; results returned as JSON (read-only)run_write_query — INSERT/UPDATE/DELETE/MERGE/TRUNCATE/DDL gated by a guardrail blocklist (destructive, disabled by default — enable with --enable-write-query or YB_MCP_ENABLE_WRITE_QUERY=true)Defense in depth: the write tool is annotated destructiveHint: true, so Claude Desktop surfaces a confirmation prompt before every call even when the guardrails would let the statement through.
Optional OAuth (AWS Cognito) and Origin-header validation for self-hosted remote deployments.
Three install options, in roughly the order of how end users will reach for them:
# uvx — no install at all; fetches and runs on demand. Handy for one-off use
# and also the form the MCPB Desktop extension uses internally.
uvx yugabytedb-mcp-server --help
# pipx — installs to an isolated venv, puts the script on $PATH.
pipx install yugabytedb-mcp-server
# uv tool — same idea, uv-managed.
uv tool install yugabytedb-mcp-server
# pip — system-level or current-venv install.
pip install yugabytedb-mcp-server
After any of the persistent installs (pipx / uv tool / pip), verify with:
yugabytedb-mcp --help
# or, equivalently:
yugabytedb-mcp-server --help
Both console scripts are registered and point at the same entry point —
yugabytedb-mcp is the short form, yugabytedb-mcp-server matches the
package name and is what uvx resolves to by default.
Pre-release note: while v2 is in release-candidate (e.g.
2.0.0rc2), default installs won't pick it up. For now, install with an explicit version (pipx install yugabytedb-mcp-server==2.0.0rc2) or with--pip-args='--pre'. This goes away once2.0.0stable is published.
For development from source, see Development below.
| Environment Variable | CLI flag | Required | Description |
|---|---|---|---|
YUGABYTEDB_URL | --yugabytedb-url | Yes | libpq connection string (e.g. host=… port=5433 dbname=… user=… password=…). |
YB_MCP_TRANSPORT | --transport | No | stdio (default) or http. |
YB_MCP_STATELESS_HTTP | --stateless-http | No | true enables stateless Streamable-HTTP — required for multi-replica self-hosted deployments. |
YB_MCP_MAX_INSERT_ROWS | --max-insert-rows | No | Reject INSERT … VALUES with more rows than this. Default 1000. |
YB_MCP_REQUIRE_WHERE_ON_UPDATE | --require-where-on-update | No | Reject UPDATE without a WHERE clause. Default false. |
YB_MCP_REQUIRE_WHERE_ON_DELETE | --require-where-on-delete | No | Reject DELETE without a WHERE clause. Default false. |
YB_MCP_ENABLE_WRITE_QUERY | --enable-write-query | No | Enable the run_write_query tool. Default false (write tool disabled). |
MCP_AUTH_PROVIDER | --mcp-auth-provider | No | cognito (tested) or oidc (untested). Leave unset to disable auth. |
YB_MCP_IDENTITY_CLAIM | --identity-claim | No | JWT claim to use as the DB role identifier for per-user SET ROLE. Default email. |
YB_MCP_IDENTITY_TRANSFORM | --identity-transform | No | Transform applied to the claim before using as a DB role: none (default) or strip_domain (strips @… from emails). |
MCP_BASE_URL | — | When auth enabled | Public base URL the server is reachable at (e.g. https://mcp.example.com). |
| `MCP_ALLOWED_OR |