{"id":17098976,"url":"https://github.com/brunopadz/mammoth","last_synced_at":"2026-01-14T16:27:19.029Z","repository":{"id":65422349,"uuid":"583023658","full_name":"brunopadz/mammoth","owner":"brunopadz","description":"Audit-logging postgres proxy and jumpbox","archived":true,"fork":false,"pushed_at":"2023-12-19T00:10:13.000Z","size":6459,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T18:12:22.278Z","etag":null,"topics":["auditing","jumpbox","postgres","proxy","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"twooster/pg-jump","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brunopadz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-28T14:37:19.000Z","updated_at":"2024-08-07T21:55:42.000Z","dependencies_parsed_at":"2025-02-22T13:33:22.758Z","dependency_job_id":"5b2afe8b-2430-4d8b-86b6-d4c3bbb2d569","html_url":"https://github.com/brunopadz/mammoth","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/brunopadz/mammoth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brunopadz%2Fmammoth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brunopadz%2Fmammoth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brunopadz%2Fmammoth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brunopadz%2Fmammoth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brunopadz","download_url":"https://codeload.github.com/brunopadz/mammoth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brunopadz%2Fmammoth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28425897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T15:24:48.085Z","status":"ssl_error","status_checked_at":"2026-01-14T15:23:41.940Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","jumpbox","postgres","proxy","security"],"created_at":"2024-10-14T15:08:41.204Z","updated_at":"2026-01-14T16:27:19.014Z","avatar_url":"https://github.com/brunopadz.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mammoth\n\n\u003e This project is a fork of a fork of [crunchy-proxy](https://github.com/CrunchyData/crunchy-proxy) and \n\u003e still licensed under [Apache 2.0](./LICENSE).\n\u003e\n\u003e Read about Apache 2.0 [here](https://choosealicense.com/licenses/apache-2.0/).\n\nMammoth is a proxy/jumpbox for PostgreSQL. It logs all commands sent by clients for auditing purposes. \nFor security reasons, it does not log responses from the server.\n\nMammoth supports:\n* SSL (including mTLS, skipping validations, and enforcing SSL as required)\n* Arbitrary jumpbox specified by providing the database as \"host:port/database\"\n* Allowable remote hosts can be restricted by a regexp\n* User blocking\n* Logging of all commands sent to the server\n* Query cancellation (by way of parsing server responses and rewriting the \"backend secrets\")\n\n## Configuring mammoth\n\nYou can use one of the example config file and modify it to suit your needs.\n\n### [Config file without SSL](./examples/config.without-ssl.yaml)\n\n```yaml\n# Listening address\nbind: \":5000\"\n# Log format (default: json)\nlogformat: \"json\"\n# Redis host\nredisserver: \"localhost:6379\"\n# Configuration when accepting client connections\nserver:\n  # To allow non-SSL upgraded connections (default: false)\n  allowUnencrypted: true\n# Configuration connecting to backend servers\nclient:\n  # Whether to allow non-SSL connections to the backend (default: false)\n  allowUnencrypted: true\n  # Whether to attempt an SSL connection at all to the backend (default: true)\n  # If this is false, the value of `allowUnencrypted` does not matter\n  tryssl: false\n```\n\n### [Config file with SSL](./examples/config.with-ssl.yaml)\n\n```yaml\n# Listening address\nbind: \"127.0.0.1:1234\"\n# Log format (default: json)\nlogformat: \"json\"\n# Redis host\nredisserver: \"localhost:6379\"\n# Configuration when accepting client connections\nserver:\n  # Server certificate\n  cert: /etc/pg-jump/server.crt\n  # Server key\n  key: /etc/pg-jump/server.key\n  # CA to verify the client's cert against (if not specified, then\n  # client's cert will not be checked, if provided)\n  ca: /etc/pg-jump/ca.crt\n  # To allow non-SSL upgraded connections (default: false)\n  allowUnencrypted: true\n# Configuration connecting to backend servers\nclient:\n  # Client certificate\n  cert: /etc/pg-jump/client.crt\n  # Client key\n  key: /etc/pg-jump/client.key\n  # CA to verify the server's cert against, if any\n  ca: /etc/pg-jump/ca.crt\n  # Whether to allow non-SSL connections to the backend (default: false)\n  allowUnencrypted: true\n  # Whether to attempt an SSL connection at all to the backend (default: true)\n  # If this is false, the value of `allowUnencrypted` does not matter\n  trySSL: true\n```\n\nThen you can run `mammoth` by specifying the path to config file with the `-c` flag.\n\nIf you don't specify, `mammoth` will look for the file in `PWD`.\n\n```\nmammoth -c \u003cpath-to-config\u003e\n```\n\nMammoth also supports the following configuration options:\n\n```\n--config|-c \u003cpath-to-config-file\u003e\n--log-level \u003ctrace|debug|info|warn|error|fatal|panic\u003e\n--log-format \u003cplain|json\u003e\n```\n\n### Managing blocked users  \n\nIf you wish to block users instead of managing it directly in the database, you can add \nitems to a Redis set named `users`.\n\nAn API is being developed to help manage it easily.\n\nFor more info about using Redis set, check their [docs](https://redis.io/docs/data-types/sets/).\n\n## Using mammoth\n\nUsing mammoth is quite simple. If you're running the server on port `5000`, you can\nset mammoth server as the database server host and specify the destination database as the\ndatabase name. For example:\n\n```\npsql -h mammoth.fqdn.tld -U postgres -p 5000 my_db_server.fqdn.tld/db_name\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrunopadz%2Fmammoth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrunopadz%2Fmammoth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrunopadz%2Fmammoth/lists"}