This guide covers deploying SQL Auditor to production with all security and performance features enabled.
- Docker and Docker Compose
- PostgreSQL (optional, for EXPLAIN features)
- Domain name with SSL certificate
- OpenAI API key (for LLM features)
-
Clone and configure:
git clone <repo> cd llm-sql-auditor cp .env.production.example .env.production # Edit .env.production with your values
-
Generate API key:
from backend.core.auth import generate_api_key print(generate_api_key())
-
Deploy:
docker-compose -f docker-compose.prod.yml up -d
See .env.production.example for all available options.
Required for production:
API_KEY: Secure API key for authenticationREQUIRE_AUTH=true: Enable API key authenticationCORS_ORIGINS: Your frontend domain(s)
Optional:
ENABLE_EXPLAIN=true: Enable EXPLAIN plan executionPOSTGRES_CONNECTION_STRING: For PostgreSQL EXPLAINSQLITE_CONNECTION_STRING: For SQLite EXPLAIN
# Enable authentication
SQLAUDITOR_REQUIRE_AUTH=true
SQLAUDITOR_API_KEY=your-secure-key-here
# Configure CORS
SQLAUDITOR_CORS_ORIGINS=https://yourdomain.com
# Rate limiting (default: 10/minute)
SQLAUDITOR_RATE_LIMIT_PER_MINUTE=10All API endpoints require the X-API-Key header when REQUIRE_AUTH=true:
curl -H "X-API-Key: your-key" https://api.yourdomain.com/api/audit \
-H "Content-Type: application/json" \
-d '{"schema": "...", "queries": ["..."], "dialect": "postgres"}'Enable real EXPLAIN plan execution:
SQLAUDITOR_ENABLE_EXPLAIN=true
SQLAUDITOR_POSTGRES_CONNECTION_STRING=postgresql://user:pass@host:5432/dbThis will:
- Execute EXPLAIN queries against your database
- Validate index suggestions
- Provide real performance metrics
Enable performance validation to test index suggestions:
# In your API calls, set validate_performance=True
response = await audit_queries(
schema_ddl=schema,
queries=queries,
dialect="postgres",
validate_performance=True,
)curl https://api.yourdomain.com/api/healthReturns:
{
"ok": true,
"metrics": {
"queries_audited": 1234,
"errors_occurred": 5,
"llm_calls": 890,
"average_audit_time": 1.23
},
"version": "0.1.0"
}Logs are output to stdout/stderr. Configure log level:
SQLAUDITOR_LOG_LEVEL=INFO # DEBUG, INFO, WARNING, ERRORThe backend is stateless and can be scaled horizontally:
# docker-compose.prod.yml
services:
backend:
deploy:
replicas: 3For EXPLAIN features, use connection pooling:
# PostgreSQL connection string with pooling
POSTGRES_CONNECTION_STRING=postgresql://user:pass@host:5432/db?pool_size=10- API key authentication enabled
- CORS configured with specific origins
- Rate limiting enabled
- Input validation enabled
- Error messages sanitized
- HTTPS/TLS enabled
- Database connections secured
- API keys rotated regularly
If you get 401 errors:
- Check
REQUIRE_AUTHis set correctly - Verify API key in request header
- Check API key matches configured key
If EXPLAIN plans aren't generated:
- Verify
ENABLE_EXPLAIN=true - Check connection string is valid
- Ensure database is accessible
- Check logs for connection errors
If queries are slow:
- Check database connection pool size
- Monitor LLM API rate limits
- Review query complexity
- Check EXPLAIN plan execution time
Audit history is stored in SQLite by default:
# Backup
cp backend/db/audit_history.sqlite backup.sqlite
# Restore
cp backup.sqlite backend/db/audit_history.sqliteBackup your .env.production file securely.
- Pull latest code
- Rebuild containers:
docker-compose -f docker-compose.prod.yml build - Restart:
docker-compose -f docker-compose.prod.yml up -d
For issues or questions:
- Check logs:
docker-compose -f docker-compose.prod.yml logs - Review health endpoint metrics
- Check GitHub issues