io.github.kalehdoo/warehouse-mcp
Production MCP server for Postgres, Oracle, Snowflake, BigQuery, Redshift, DuckDB, MotherDuck.
{
"mcpServers": {
"warehouse-mcp": {
"command": "npx",
"args": [
"-y",
"warehouse-mcp"
],
"env": {
"MCP_TRANSPORT": "stdio",
"WAREHOUSE_TYPE": "<warehouse_type>",
"MCP_API_KEYS": "<your-mcp_api_keys>",
"DUCKDB_PATH": "<duckdb_path>",
"MOTHERDUCK_TOKEN": "<your-motherduck_token>",
"PG_HOST": "<pg_host>",
"PG_DATABASE": "<pg_database>",
"PG_USER": "<pg_user>",
"PG_PASSWORD": "<your-pg_password>",
"ORACLE_USER": "<oracle_user>",
"ORACLE_PASSWORD": "<your-oracle_password>",
"ORACLE_CONNECT_STRING": "<oracle_connect_string>",
"SNOWFLAKE_ACCOUNT": "<snowflake_account>",
"SNOWFLAKE_USER": "<snowflake_user>",
"SNOWFLAKE_PRIVATE_KEY_PATH": "<snowflake_private_key_path>",
"BIGQUERY_PROJECT": "<bigquery_project>",
"GOOGLE_APPLICATION_CREDENTIALS": "<google_application_credentials>",
"GUARDRAIL_PII_MASK": "off",
"MCP_RATE_LIMIT_RPM": "0"
}
}
}
}{
"mcpServers": {
"warehouse-mcp": {
"command": "npx",
"args": [
"-y",
"warehouse-mcp"
],
"env": {
"MCP_TRANSPORT": "stdio",
"WAREHOUSE_TYPE": "<warehouse_type>",
"MCP_API_KEYS": "<your-mcp_api_keys>",
"DUCKDB_PATH": "<duckdb_path>",
"MOTHERDUCK_TOKEN": "<your-motherduck_token>",
"PG_HOST": "<pg_host>",
"PG_DATABASE": "<pg_database>",
"PG_USER": "<pg_user>",
"PG_PASSWORD": "<your-pg_password>",
"ORACLE_USER": "<oracle_user>",
"ORACLE_PASSWORD": "<your-oracle_password>",
"ORACLE_CONNECT_STRING": "<oracle_connect_string>",
"SNOWFLAKE_ACCOUNT": "<snowflake_account>",
"SNOWFLAKE_USER": "<snowflake_user>",
"SNOWFLAKE_PRIVATE_KEY_PATH": "<snowflake_private_key_path>",
"BIGQUERY_PROJECT": "<bigquery_project>",
"GOOGLE_APPLICATION_CREDENTIALS": "<google_application_credentials>",
"GUARDRAIL_PII_MASK": "off",
"MCP_RATE_LIMIT_RPM": "0"
}
}
}
}npx -y warehouse-mcpMCP_TRANSPORTSet to 'stdio' for desktop AI clients (Claude Desktop, Cursor). Defaults to 'http'.
WAREHOUSE_TYPEWhich warehouse to connect to. One of: postgres, oracle, redshift, snowflake, bigquery, duckdb. (DuckDB also handles MotherDuck via DUCKDB_PATH=md:<db>.)
MCP_API_KEYSComma-separated bearer keys with role and optional warehouse-role impersonation: 'key1:reader,key2:admin', 'key3:reader:set_role=alice'. Leave empty for stdio (OS process boundary is the trust boundary). Required for HTTP.
DUCKDB_PATHDuckDB file path, ':memory:', or 'md:<database>' for MotherDuck. Required when WAREHOUSE_TYPE=duckdb.
MOTHERDUCK_TOKENMotherDuck service token. Required when DUCKDB_PATH starts with 'md:'.
PG_HOSTPostgres host. Required when WAREHOUSE_TYPE=postgres. (Use REDSHIFT_HOST for Redshift.)
PG_DATABASEPostgres database name.
PG_USERPostgres user.
PG_PASSWORDPostgres password.
ORACLE_USEROracle user. Required when WAREHOUSE_TYPE=oracle.
ORACLE_PASSWORDOracle password.
ORACLE_CONNECT_STRINGOracle Easy Connect (e.g. host:1521/SERVICE), TNS descriptor, or alias.
SNOWFLAKE_ACCOUNTSnowflake account identifier (e.g. xy12345.us-east-1). Required when WAREHOUSE_TYPE=snowflake.
SNOWFLAKE_USERSnowflake username.
SNOWFLAKE_PRIVATE_KEY_PATHPath to PKCS8 private key (.p8). Snowflake auth is key-pair only; password auth is not supported.
BIGQUERY_PROJECTGCP project id. Required when WAREHOUSE_TYPE=bigquery.
GOOGLE_APPLICATION_CREDENTIALSPath to BigQuery service-account JSON. Omit on GKE / Cloud Run with workload identity.
GUARDRAIL_PII_MASKSet to 'on' to enable role-aware PII masking on result rows (emails, SSNs, phones, IPs, Luhn-validated CCs). Off by default.
MCP_RATE_LIMIT_RPMPer-principal token-bucket rate limit on tool invocations. 0 = disabled. Recommend 60 for production.
Database MCP server for MySQL, MariaDB, PostgreSQL & SQLite
Manage Supabase projects end to end across database, auth, storage, realtime, and migrations. Moni…
Explore your Messages SQLite database to browse tables and inspect schemas with ease. Run flexible…