An MCP server implementation for YugabyteDB that allows LLMs to directly interact with your database.
- List all tables in the database, including schema and row counts
- Run read-only SQL queries and return results as JSON
- Designed for use with FastMCP and compatible with MCP clients like Claude Desktop, Cursor, and Windsurf Editor
- Python 3.10 or higher
- uv installed to manage and run the server
- A running YugabyteDB database
- An MCP client such as Claude Desktop or Cursor
Clone this repository and install dependencies:
git clone [email protected]:yugabyte/yugabytedb-mcp-server.git
cd yugabytedb-mcp-server
uv syncThe server is configured using the following:
| Environment Variable | Argument | Optional | Description |
|---|---|---|---|
YUGABYTEDB_URL |
--yugabytedb-url |
No | Connection string for your YugabyteDB database (e.g., dbname=database_name host=hostname port=5433 user=username password=password) |
YB_MCP_TRANSPORT |
--transport |
Yes | Transport protocol to use: stdio or http (default: stdio) |
YB_MCP_STATELESS_HTTP |
--stateless-http |
Yes | Enable stateless Streamable-HTTP mode: true or false (default: false) |
YB_AWS_SSL_ROOT_CERT_SECRET_ARN |
--yb-aws-ssl-root-cert-secret-arn |
Yes | ARN of the AWS Secrets Manager secret containing the TLS root certificate |
YB_AWS_SSL_ROOT_CERT_KEY |
--yb-aws-ssl-root-cert-key |
Yes | Key inside the secret JSON that selects which certificate to use |
YB_SSL_ROOT_CERT_PATH |
--yb-ssl-root-cert-path |
Yes | Filesystem path where the root certificate will be written (default: /tmp/yb-root.crt) |
YB_AWS_SSL_ROOT_CERT_SECRET_REGION |
--yb-aws-ssl-root-cert-secret-region |
Yes | Region of the AWS Secrets Manager secret containing the TLS root certificate |
You can run the server with STDIO transport using uv:
uv run src/server.pyor with stateful Streamable-HTTP transport:
uv run src/server.py --transport httpor with stateless Streamable-HTTP transport:
uv run src/server.py --transport http --stateless-httpBuild the Docker image:
docker build -t mcp/yugabytedb .Run the container with STDIO transport:
docker run -p 8000:8000 -e YUGABYTEDB_URL="your-db-url" mcp/yugabytedbor with Streamable-HTTP transport:
Stateful Server:
docker run -p 8000:8000 \
-e YUGABYTEDB_URL="your-db-url" \
mcp/yugabytedb --transport=http
Stateless Server:
docker run -p 8000:8000 \
-e YUGABYTEDB_URL="your-db-url" \
-e YB_MCP_TRANSPORT=http \
-e YB_MCP_STATELESS_HTTP=true \
mcp/yugabytedb
Stateless Server with SSL enabled cluster:
docker run -p 8000:8000 \
-v /path/to/root.crt:/certs/root.crt:ro \
-e YUGABYTEDB_URL="your-db-url" \
mcp/yugabytedb \
--transport=http \
--stateless-http
If your YugabyteDB cluster has TLS enabled and its root certificate is stored in AWS Secrets Manager, the MCP server can automatically fetch and configure it.
The secret value contains the PEM certificate itself.
docker run -p 8000:8000 \
-e YUGABYTEDB_URL="host=... port=5433 dbname=... user=... password=... sslmode=verify-full" \
-e YB_MCP_TRANSPORT=http \
-e YB_MCP_STATELESS_HTTP=true \
-e YB_AWS_SSL_ROOT_CERT_SECRET_ARN=arn:ofthe:secret:manager \
-e YB_AWS_SSL_ROOT_CERT_SECRET_REGION=region-of-the-secret-manager \
-e AWS_ACCESS_KEY_ID="XXX" \
-e AWS_SECRET_ACCESS_KEY="XXX" \
-e AWS_SESSION_TOKEN="XXX" \
mcp/yugabytedbThe secret value is JSON, for example:
{
"cert-cluster-1": "-----BEGIN CERTIFICATE----- ...",
"cert-cluster-2": "-----BEGIN CERTIFICATE----- ..."
}Select which certificate to use:
docker run -p 8000:8000 \
-e YUGABYTEDB_URL="host=... port=5433 dbname=... user=... password=... sslmode=verify-full" \
-e YB_MCP_TRANSPORT=http \
-e YB_MCP_STATELESS_HTTP=true \
-e YB_AWS_SSL_ROOT_CERT_SECRET_ARN=arn:ofthe:secret:manager \
-e YB_AWS_SSL_ROOT_CERT_KEY=cert-cluster-1 \
-e YB_AWS_SSL_ROOT_CERT_SECRET_REGION=region-of-the-secret-manager \
-e AWS_ACCESS_KEY_ID="XXX" \
-e AWS_SECRET_ACCESS_KEY="XXX" \
-e AWS_SESSION_TOKEN="XXX" \
mcp/yugabytedbBy default the certificate is written to /tmp/yb-root.crt. You can override this using:
-e YB_SSL_ROOT_CERT_PATH=/custom/path/root.crtTo use this server with an MCP client (e.g., Claude Desktop, Cursor), add it to your MCP client configuration.
Example configuration for Cursor:
{
"mcpServers": {
"yugabytedb-mcp": {
"command": "uv",
"args": [
"--directory",
"/path/to/cloned/yugabytedb-mcp-server/",
"run",
"src/server.py"
],
"env": {
"YUGABYTEDB_URL": "dbname=database_name host=hostname port=5433 user=username password=password load_balance=true topology_keys=cloud.region.zone1,cloud.region.zone2"
}
}
}
}- Replace
/path/to/cloned/yugabytedb-mcp-server/with the path to your cloned repository. - Set the correct database URL in the
envsection.
After building the docker container, add the following to claude_config.json entry or equivalent json files for other editors:
{
"mcpServers": {
"yugabytedb-mcp-docker": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"YUGABYTEDB_URL=dbname=yugabyte host=host.docker.internal port=5433 user=yugabyte password=yugabyte load_balance=false",
"mcp/yugabytedb"
]
}
}
}- Edit the configuration file. Go to Claude -> Settings -> Developer -> Edit Config
- Add the above configuration under
mcpServers. - Restart Claude Desktop.
The logs for Claude Desktop can be found in the following locations:
- MacOS: ~/Library/Logs/Claude
- Windows: %APPDATA%\Claude\Logs
The logs can be used to diagnose connection issues or other problems with your MCP server configuration. For more details, refer to the official documentation.
- Install Cursor on your machine.
- Go to Cursor > Settings > Cursor Settings > MCP > Add a new global MCP server.
- Add the configuration as above.
- Save the configuration.
- You will see yugabytedb-mcp-server as an added server in MCP servers list. Refresh to see if server is enabled.
In the bottom panel of Cursor, click on "Output" and select "Cursor MCP" from the dropdown menu to view server logs. This can help diagnose connection issues or other problems with your MCP server configuration.
- Install Windsurf Editor on your machine.
- Go to Windsurf > Settings > Windsurf Settings > Cascade > Model Context Protocol (MCP) Servers > Add server > Add custom server.
- Add the configuration as above.
- Save and refresh.
-
Start the server using Streamable-HTTP:
uv run src/server.py --transport http
Or with Docker:
docker run -p 8000:8000 -e YUGABYTEDB_URL="..." mcp/yugabytedb --transport=http -
Launch the inspector:
npx @modelcontextprotocol/inspector
-
In the GUI, use the URL:
http://localhost:8000/mcp- Change transport type to
Streamable-HTTP - Add the proxy token from the terminal output
- Change transport type to
- summarize_database: Lists all tables in the database, including schema and row counts.
- run_read_only_query: Runs a read-only SQL query and returns the results as JSON.
Once connected via an MCP client, you can:
- Ask for a summary of the database tables and schemas
- Run SELECT queries and get results in JSON
YUGABYTEDB_URL: (required) The connection string for your YugabyteDB/PostgreSQL database
- Ensure the
YUGABYTEDB_URLis set and correct - Verify your database is running and accessible
- Check that your user has the necessary permissions
- Make sure
uvis installed and available in your PATH. Note: If claude is unable to access uv, giving the error:spawn uv ENOENT, try symlinking the uv for global access:
sudo ln -s "$(which uv)" /usr/local/bin/uv- Review logs in your MCP client for connection or query errors
- Project dependencies are managed in
pyproject.toml - Main server logic is in
src/server.py