Database

Broch requires PostgreSQL. You can run it embedded alongside Broch or use an external managed database.

With the embedded option, PostgreSQL runs as a sidecar container alongside Broch, so there is no separate database infrastructure to manage.

Available on: Docker Compose (embedded by default in single-host, with-postgres, and with-postgres-byo-cert), DigitalOcean (Droplet has Postgres as a compose service alongside Broch)
Not available on: AWS ECS (uses RDS), Azure Container Apps (uses Postgres Flexible Server) — both modules provision managed external databases by default

When to use: Development, evaluation, small teams, or deployments where you control the host and accept the limitations below.

  • No disk encryption at rest. The PostgreSQL data directory sits unencrypted on the host volume. (This is distinct from application-level encryption: Broch always encrypts specific sensitive fields — IdP refresh tokens, the license token — with your BROCH_MASTER_KEY regardless of disk encryption. See the Security page.) If your compliance posture requires full disk encryption at rest (SOC 2, HIPAA, GDPR), use an external managed database with encryption configured instead.
  • No high availability. Single instance — if the host goes down, Broch is unavailable.
  • Single instance only. Horizontal clustering (multiple Broch replicas) is not available in the current release. Scale a single instance vertically, or run independent instances per team/region — see Choose Your Platform → Scaling.
  • Backup is your responsibility. See the backup section in each platform’s installation guide.

With the external option, you provision and manage a PostgreSQL database (or use a managed service) and point Broch at it via a connection string.

When to use: Production deployments, compliance requirements, or any case where the embedded limitations are unacceptable.

Platform | Recommended option
Azure | Azure Database for PostgreSQL Flexible Server
AWS | Amazon RDS for PostgreSQL
DigitalOcean | DigitalOcean Managed Databases
Any Linux host | Any PostgreSQL 14+ instance

Set the connection string via environment variable:

ConnectionStrings__DefaultConnection=Host=your-db-host;Database=broch;Username=broch;Password=yourpassword

For Docker Compose, use the with-postgres-external variant — same broch + Caddy shape as with-postgres, minus the bundled Postgres service:

git clone https://github.com/broch-io/broch-deploy.git
cd broch-deploy/docker-compose/with-postgres-external
cp .env.example .env
$EDITOR .env # set BROCH_DB_CONNECTION_STRING to your managed DB
docker compose up -d --build
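
A pre-flight check to run before `docker compose up`, added here as an example and not part of the broch-deploy repository: it reads BROCH_DB_CONNECTION_STRING from .env, rejects missing keys and the sample placeholder values, and checks the PostgreSQL 14+ requirement. It assumes the .env value uses the same Key=Value;Key=Value format as the sample connection string above; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for the external database settings in .env.
# Key names and sample values come from the page; function names are hypothetical.

# Read NAME=value from an env file (last assignment wins, outer quotes stripped).
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one key's value from "Key=Value;Key=Value". Keys are case-insensitive;
# quoted values that contain ';' are not handled.
conn_get() {
  cg_rest="$1;"
  cg_want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  while [ -n "$cg_rest" ]; do
    cg_pair=${cg_rest%%;*}
    cg_rest=${cg_rest#*;}
    case $cg_pair in *=*) ;; *) continue ;; esac   # skip fragments without '='
    cg_key=$(printf '%s' "${cg_pair%%=*}" | tr '[:upper:]' '[:lower:]')
    if [ "$cg_key" = "$cg_want" ]; then
      printf '%s' "${cg_pair#*=}"
      return 0
    fi
  done
  return 1
}

# Return 0 when all four keys are set and none still holds the page's sample value.
check_conn() {
  cc_bad=0
  for cc_key in Host Database Username Password; do
    cc_val=$(conn_get "$1" "$cc_key" || true)
    case $cc_val in
      '') echo "missing $cc_key" >&2; cc_bad=1 ;;
      your-db-host|yourpassword) echo "$cc_key is still the sample value" >&2; cc_bad=1 ;;
    esac
  done
  return "$cc_bad"
}

# Accept the output of `SHOW server_version` when the major version is 14 or newer.
pg_version_ok() {
  pv_major=${1%%[!0-9]*}
  [ -n "$pv_major" ] && [ "$pv_major" -ge 14 ]
}

# Constructed sample values, not real credentials or hosts.
SAMPLE='Host=db.internal.example;Database=broch;Username=broch;Password=constructed-Secret=1'
check_conn "$SAMPLE" && pg_version_ok "16.3" && echo "preflight ok"
```

In a real run, pass `check_conn` the result of `env_get .env BROCH_DB_CONNECTION_STRING` and pass `pg_version_ok` the server's reported version.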

For AWS and Azure deployments, external Postgres is the default — the Terraform modules provision RDS and Postgres Flexible Server respectively, no toggle required.

Horizontal clustering (multiple Broch replicas sharing one database behind a load balancer) is not available in the current release. Scale a single instance vertically (more CPU/RAM), or run independent instances — each with its own database and license — per team or region. If clustering is a requirement, contact [email protected]; it is on the roadmap. See Choose Your Platform → Scaling for the full picture.