Lightweight Prod Database Break-Glass Mediator With Multi-Party Approval for Writes

dev tool real project •• multiple requests

Backend engineers without a dedicated DBA need direct prod DB access for 2am debugging but keep nuking tables with stray UPDATE-without-WHERE. Read-only replicas don't cover write-side break-glass, full PAM platforms (CyberArk, Teleport) are heavyweight, and 'just build an admin endpoint' isn't realistic for one-off incidents.

builder note

Don't sell PAM. Sell 'psql wrapper' that's invisible for SELECTs, intercepts DDL/UPDATE/DELETE, and routes them to a Slack thread for second-engineer approval. Audit trail and EXPLAIN preview are the two killer details.

landscape (4 existing solutions)

The market splits between heavyweight enterprise PAM (Teleport/Boundary/CyberArk) and DIY scripts. Nothing targets the 5–50 engineer team that wants psql-fast read access plus a 'paste your UPDATE for one click peer approval' break-glass path.

Teleport Database Access Excellent but requires running the full Teleport cluster and is priced for orgs that already do PAM, not 5-person backend teams.

HashiCorp Boundary Session brokering but no native multi-party write approval workflow tuned for ad-hoc SQL during incidents.

Bytebase Strong for planned schema changes, weaker for the 'oncall needs to run a one-off UPDATE in 90 seconds' path.

Steampipe / psql + tmux + a Slack hope What most small teams actually do today — no audit trail, no second-pair-of-eyes, no rollback safety net.

sources (2)

reddit https://www.reddit.com/r/sre/comments/1stbi0y/how_do_you_act... "Nobody wants to build an admin endpoint just to cover edge cases at 2am." 2026-04-23

reddit https://www.reddit.com/r/sre/comments/1stbi0y/how_do_you_act... "Write access only granted to a special proxy role with reviewer approval." 2026-04-23

databaseincident-responsebreak-glassauditsmall-teams