Skip to main content
Guild uses a PostgreSQL database for all platform data. When running self-hosted, you configure the connection with the DATABASE_URL environment variable.

Connection string format

DATABASE_URL follows the SQLAlchemy connection string format with the postgresql+asyncpg driver:
DATABASE_URL=postgresql+asyncpg://user:password@host/dbname

SSL configuration

When your PostgreSQL server requires SSL certificate verification, add sslmode and sslrootcert as query parameters to the connection string.

sslmode

The sslmode parameter controls how Guild verifies the server’s TLS certificate.
ValueBehavior
requireEncrypts the connection but does not verify the certificate. This is the default.
verify-caVerifies that the server certificate is signed by a trusted CA. Does not verify the server hostname.
verify-fullVerifies the server certificate and confirms that the hostname matches the certificate.

sslrootcert

The sslrootcert parameter specifies the path to a CA certificate file. Guild uses this file to verify the server’s certificate when sslmode is verify-ca or verify-full.
DATABASE_URL=postgresql+asyncpg://user:pass@host/dbname?sslmode=verify-full&sslrootcert=/path/to/ca.pem
Managed database services such as AWS RDS, Google Cloud SQL, and Azure Database for PostgreSQL provide a CA certificate you can download and reference with sslrootcert. Use verify-full when the hostname in the URL matches the hostname in the server’s certificate. Use verify-ca when you want to verify the certificate chain but hostname matching is not applicable.
sslrootcert has no effect unless sslmode is verify-ca or verify-full.