Database
Broch requires PostgreSQL. You can run it embedded alongside Broch or use an external managed database.
Embedded PostgreSQL
Section titled “Embedded PostgreSQL”PostgreSQL runs as a sidecar container alongside Broch. No separate database infrastructure to manage.
Available on: Docker Compose, Azure (sidecar), DigitalOcean
Not available on: AWS (always uses RDS)
When to use: Development, evaluation, small teams, or deployments where you control the host and accept the limitations below.
Limitations
Section titled “Limitations”- No encryption at rest. Data is stored unencrypted on the host volume. If your compliance posture requires encryption at rest (SOC 2, HIPAA, GDPR), use an external managed database instead. See the Security and Compliance page for details.
- No high availability. Single instance — if the host goes down, Broch is unavailable.
- Single-instance scaling only. Horizontal scaling (multiple Broch replicas) requires a shared external database. If you ever need more than one replica, you will need to migrate to an external database.
- Backup is your responsibility. See the backup section in each platform’s installation guide.
External PostgreSQL
Section titled “External PostgreSQL”You provision and manage a PostgreSQL database (or use a managed service), and point Broch at it via a connection string.
When to use: Production deployments, compliance requirements, multi-replica setups, or any case where the embedded limitations are unacceptable.
Managed database options by platform
Section titled “Managed database options by platform”| Platform | Recommended option |
|---|---|
| Azure | Azure Database for PostgreSQL Flexible Server |
| AWS | Amazon RDS for PostgreSQL |
| DigitalOcean | DigitalOcean Managed Databases |
| Any Linux host | Any PostgreSQL 14+ instance |
Configuration
Section titled “Configuration”Set the connection string via environment variable:
ConnectionStrings__DefaultConnection=Host=your-db-host;Database=broch;Username=broch;Password=yourpasswordFor the Docker Compose deployment, use the docker-compose.external-db.yml override to remove the embedded PostgreSQL service:
docker compose -f docker-compose.yml -f docker-compose.external-db.yml up -dHorizontal Scaling
Section titled “Horizontal Scaling”To run multiple Broch replicas (for capacity or availability), all replicas must share a single external PostgreSQL database. Each replica maintains its own in-memory tunnel state — tunnels are not shared across replicas. Load balancers should use sticky sessions or a consistent-hash routing strategy so that requests to a given tunnel URL always reach the replica that holds that tunnel’s connection.