Tool Launcher

Search for a tool...

1tt.dev1tt.dev
All guides

Connect Any Database via Tunnel

Use the 1tt CLI to create a secure tunnel from your local PostgreSQL or Redis to the web-based studio — no port forwarding or VPN needed.

Why tunneling?

Sometimes your database isn't publicly accessible. It might be running in Docker on localhost, on a private VPN, behind a firewall, or in a staging environment with no inbound ports. Traditional database GUIs require a direct TCP connection — which means you're stuck with a desktop app or complex SSH tunnel configuration.

The 1tt CLI creates a secure WebSocket tunnel from your machine to the web studio. You run one command locally; the browser studio connects through it. No firewall rules, no port forwarding, no VPN required.

How it works

The tunnel operates in three steps:

  1. The 1tt tunnel process starts on your machine and opens a persistent WebSocket connection to wss://1tt.dev.
  2. When you open the Database or Redis Studio in the browser, it sends SQL or Redis commands over that WebSocket to the 1tt process.
  3. The CLI executes those commands against your local database, then streams the results back through the WebSocket to the browser.
Your data never passes through the 1tt.dev server. The backend only forwards opaque WebSocket frames — it cannot read query results or database contents. All traffic between your machine and the browser is encrypted via TLS.

Quick start

Follow these steps to connect any local database to the studio:

  1. Go to 1tt.dev/account/managed and click Connect External.
  2. Click Generate token. Copy the tunnel token shown — it is valid for 24 hours and can only be used once.
  3. Install the CLI on your machine:
    curl -sSfL https://1tt.dev/cli/install.sh | sh
  4. Start the tunnel, pointing it at your database URL:
    1tt tunnel --token <TOKEN> --db postgres://localhost:5432/mydb
    For Redis:
    1tt tunnel --token <TOKEN> --db redis://localhost:6379
  5. Switch back to the browser. The studio will detect the active tunnel, load your schema or key list, and you can start querying immediately.

You can also combine the install and connect steps into a single one-liner:

curl -sSfL https://1tt.dev/cli/install.sh | sh -s -- tunnel --token <TOKEN> --db <DATABASE_URL>

Supported databases

  • PostgreSQL — any version, including local pg, Docker containers, Supabase, Neon, RDS, Aurora, and self-hosted instances
  • Redis — any version, including localredis-server, Docker, redis-stack, Upstash, ElastiCache, Memorystore, and Dragonfly

Security

  • One-time tokens — each token is generated for a single tunnel session and expires after 24 hours.
  • TLS encryption — the WebSocket connection between your machine and 1tt.dev is encrypted end-to-end via TLS.
  • Local execution — all queries run on your machine against your local database process. The 1tt.dev server never receives or stores query results.
  • No persistent storage — no credentials, schemas, or query results are persisted on the server.
If you are connecting to a production database, consider creating a read-only PostgreSQL role or a Redis user with restricted ACL permissions before generating a tunnel token.

CLI reference

The 1tt tunnel subcommand accepts the following flags:

  • --token <TOKEN> — the tunnel token generated from your account dashboard (required)
  • --db <URL> — the database connection URL, e.g. postgres://user:pass@localhost:5432/dbname or redis://localhost:6379 (required)
  • --server <URL> — override the relay server URL (defaults to wss://1tt.dev, useful for self-hosted deployments)

Install methods

  • Shell installer (Linux / macOS): curl -sSfL https://1tt.dev/cli/install.sh | sh
  • Homebrew: brew install 1tt
  • npm: npm install -g @1tt/cli
  • Check installed version: 1tt --version