Discover, query, monitor & optimize every database across Kubernetes, VMs, and cloud — free and offline-first. Provision, back up, automate & govern your fleet with DBHelm Platform.
DBHelm is a desktop app
Open on a Mac, Windows, or Linux computer to install. You can bookmark this page to visit later.
Engines DBHelm discovers + manages
How it works
Connect → Discover (or provision) → Operate. No agents, no sidecars, no cloud dependency. Free, offline-first.
Import kubeconfig or Direct Connect
Open DBHelm, go to Environments, and import your kubeconfig — auto-detects cloud provider, region, and cluster. Or use Direct Connect for any database with just a host and port. No agents, no sidecars.
Environments → Add Environment → Import Kubeconfig
Name: prod-cluster
Provider: ✓ Detected GKE · us-central1
Auth: ✓ Kubeconfig valid
Status: ✓ Connected
Scanning namespaces... done
✓ 4 namespaces · 81 databases discoveredAuto-detect across 56 engines, or spin up fresh
DBHelm scans CRDs, StatefulSets, and Deployments to discover databases across 56 engines — SQL, NoSQL, vector, streaming, cache, time-series. Need a new cluster? The wizard provisions via 17 built-in providers covering all DB-Engines top-10: CNPG / Percona PG / PSMDB / MongoDB Community / MySQL Operator / Redis / K8ssandra / SQL Server / Oracle / Db2 / Strimzi on K8s, plus AWS RDS + Cloud SQL + Azure DB Flexible Server (Postgres + MySQL on each).
All Databases → 81 discovered across 4 environments
PostgreSQL (CloudNativePG) ×3 ● Healthy
MongoDB (Percona PSMDB) ×2 ● Healthy
Redis (Bitnami Helm) ×4 ● Healthy
Kafka (Strimzi Operator) ×1 ● Healthy
Elasticsearch (ECK) ×2 ● Healthy
+ 69 more across 14 types
Or: Clusters → Create → CNPG / PSMDB / Strimzi / RDS / …Monitor, query, optimize, back up, federate, migrate, cost-track
Real-time engine-aware dashboards, on-demand + scheduled backups, a safe-by-default Console with deep adapters, AI assistant on safety rails, cross-engine federation via embedded DuckDB, MySQL→Postgres migration, plus an 8-tool Optimize section: Query Optimizer + Code Optimizer (AI rewrites) + Index Janitor (unused/duplicate/missing-FK indexes with DROP DDL) + Schema Doctor (missing PKs / high-NULL columns / oversized text) + Autovacuum Pressure Map (bloat / wraparound emergency) + Pool Fit (Fit Score 0-100 from pg_stat_activity) + Plan Watch (EXPLAIN regression detection every 30 min) + full-fleet Cost dashboard. Declarative state YAML + GitOps replay + drift detection round it out. All from one unified interface — free to monitor, query & optimize; DBHelm Platform adds provisioning, backups, federation & governance.
┌─ Real-time Monitoring ─────────────┐
│ CPU: ████████░░ 78% Conn: 142 │
│ Mem: ██████░░░░ 62% QPS: 2.4k │
│ IOPS: █████░░░░ 51% Lag: 0.2s │
│ ⚠ 1 alert: Buffer pool hit < 99% │
└────────────────────────────────────┘
SELECT * FROM pg_app.users JOIN my_orders.orders …
✓ Federated query · 1,243 rows · 124msFeatures
Replace scattered CLI tools, dashboards, and scripts with a single control plane that understands every database — from PostgreSQL to Kafka to vector databases.
Auto-detect databases across Kubernetes clusters via CRDs, operators, Helm charts, and StatefulSets. Direct Connect for VMs and bare metal — including self-hosted MongoDB replica sets you operate (not Atlas or vendor DBaaS).
Engine-level metrics for every database type: InnoDB stats, Galera wsrep, Patroni HA, oplog lag, consumer group lag, query latencies — not just K8s pod metrics.
Scheduled automated backups with retention policies, one-click restore with pre-flight validation, and volume snapshot support. Full restore history with audit trail.
AES-256-GCM encryption (scrypt KDF, per-record salt) for all credentials. JWT HS256 + token versioning. Strict CSP, sandboxed Electron renderer with contextIsolation. RBAC with super-admin / admin / read-only roles. Offline-first — no telemetry by default; opt-in error reporting only. 0 known dep CVEs as of v1.22.
Import kubeconfig and go — auto-detects cloud provider, region, and cluster name. Or use Direct Connect for any database with just a host and port. No agents or sidecars.
All databases across all environments in one view. Filter by type, cluster, status, or organization. Multi-cluster, multi-cloud, and multi-org support built-in.
Spin up new clusters from the wizard or YAML: CloudNativePG / Percona PG / Percona Server for MongoDB / MongoDB Community Operator / MySQL Operator (Oracle) / Redis Operator (Spotahome) / Strimzi Kafka / K8ssandra (Cassandra) / SQL Server (StatefulSet) / Oracle Database (OraOperator) / IBM Db2 (Db2u Operator) on K8s, plus AWS RDS Postgres + MySQL, Cloud SQL Postgres + MySQL, Azure Database for PostgreSQL + MySQL Flexible Server.
Attach Postgres + MySQL Direct Connections as virtual catalogs and write ANSI SQL across them in one editor. Joins push down to native scanners.
MySQL → Postgres in three clicks: schema inference, type mapping with lossy flagging, batched data pump, source-vs-target row-count validation.
Query Optimizer + Code Optimizer (AI rewrites) · Index Janitor (unused / duplicate / missing-FK indexes with DROP DDL) · Schema Doctor (tables-without-PK, missing-FK indexes, high-NULL columns, oversized text, never-ANALYZEd) · Autovacuum Pressure Map (bloat, stale stats, wraparound emergency) · Pool Fit (Fit Score 0-100, recommended pool size from pg_stat_activity samples) · Cost (full-fleet, per-table attribution, storage tier ladder). Plan Watch is part of Platform automation.
Paste a query; the optimizer rewrites it using your live schema, indexes, table sizes, and a safe EXPLAIN plan. Works against either a Direct Connection (TCP) OR a K8s-discovered Postgres / MySQL / MongoDB pod (via psql / mysql -B / mongosh --eval inside the pod). Never executes your query — only EXPLAIN runs. Index suggestions ship with the exact CREATE INDEX + tradeoff note.
Paste application code (TS / JS / Python / Java / Go / Ruby / Rust / +5 more) and get back a rewritten version. Looks for N+1 queries, missing pagination, string-concatenated SQL, sync DB calls in async paths, and engine-specific anti-patterns. Credentials redacted before AI call.
Surfaces unused / duplicate / redundant / missing-FK indexes for PostgreSQL OR MySQL family databases — Direct Connect OR K8s-discovered. PG uses pg_stat_user_indexes; MySQL uses sys.schema_unused_indexes + information_schema.STATISTICS. Generates the exact DROP INDEX (PG: CONCURRENTLY) or CREATE INDEX DDL.
PG: missing primary keys, FKs without covering indexes, ≥80% NULL columns, oversized text, never-ANALYZEd tables. MySQL: missing-PK (critical — InnoDB synthesizes hidden 6-byte rowid), missing-FK-index, oversized VARCHAR(>= 1000), tables with stale UPDATE_TIME. Each finding ships with ALTER TABLE / CREATE INDEX / ANALYZE TABLE DDL.
Postgres-only by nature — autovacuum is a PG concept; MySQL's InnoDB does incremental dirty-page flushing automatically. Six categories including BLOAT-EXTREME (50%+ dead tuples → VACUUM FULL), STALE-STATS, NEVER-VACUUMED, HIGH-WRITE-RATE, and the WRAPAROUND emergency check (xid_age >1.5B = STOP traffic + VACUUM FREEZE). Direct Connect or K8s-discovered.
Samples connection-pool state 3× one second apart, returns a Fit Score 0-100 + recommended pool size (2-3× peak active). PG via pg_stat_activity; MySQL via information_schema.PROCESSLIST. Catches POOL-TOO-SMALL, POOL-TOO-LARGE, MAX-CONNECTIONS-LOW, LONG-IDLE leaked connections. Direct Connect or K8s-discovered.
Register a query, DBHelm re-EXPLAINs it every 30 min against PG (EXPLAIN FORMAT JSON) or MySQL (EXPLAIN FORMAT=JSON). Two-layer fingerprinting (query text + plan tree shape). Engine-aware tree walker — PG's plan tree vs MySQL's query_block / nested_loop / table.access_type / table.key. Flags regressions when the engine switches access path OR cost jumps ≥2× with same plan shape.
Counts every database in your fleet — provisioned + K8s-discovered + Direct Connect — not just clusters DBHelm provisioned. Per-cluster monthly + annual estimate using built-in rate cards for AWS RDS / Cloud SQL / Azure Flexible Server / K8s defaults. v1.26 adds per-table cost attribution (70% storage + 30% compute weighted) and a storage tier ladder (gp2→gp3, io1→gp3, pd-ssd→pd-balanced).
A single state.yaml describes clusters + objects + schedules. dbhelm plan shows the diff; dbhelm apply executes; dbhelm export captures live state.
state-history.jsonl mirrors every state change. Optionally pushed to a real Git remote. Replay any historic event back into a StateFile.
Background job compares live state with desired YAML or replay history. Severity buckets surface what needs reconciliation.
Bring-your-own-key (OpenAI / Anthropic / Ollama). Every LLM-suggested query passes through the destructive-op classifier + cost dry-run before you can execute.
General availability for self-hosted MongoDB: PSMDB replica sets, K8s-managed Mongo, and Direct Connect (Atlas, SSH, SOCKS). Monitoring with slow ops, Performance Advisor, and deep links into Studio. DB Studio: paginated read-only Explorer, Schema/Pipeline/Bulk modules, saved queries, staging vs prod Compare, org policies. DML via Safe Ops; DDL via Indexes — Explorer blocks all shell writes.
Server + client blocklist for insert/update/delete, index DDL, $out/$merge, collMod, dropView, and bracket-notation bypasses. Explorer cannot run DDL or DML — use Safe Ops or Indexes tabs. Direct Connect uses a curated mongosh subset via the official driver (not full shell eval).
Fleet workbench for Dashboard / All Databases / fleet Monitoring. Open any cluster in a new workbench tab — full /db/:id workspace with Console, Monitoring, Backups, Optimize. Switch workbenches without aborting running Console queries; close tabs with × when done.
Unified IDE: deep adapters for MongoDB, SQL, Redis, Kafka, Elasticsearch, vector DBs, Neo4j, InfluxDB; SaaS adapters with $-per-query dry-run for BigQuery / Snowflake / Redshift / Databricks. Other engines fall through to a Command adapter.
Read-only mode is the default. Destructive ops (DROP / DELETE / TRUNCATE / dropDatabase / TopicDelete) are detected and blocked until explicit confirm. Every mutation audit-logged.
Create databases, roles, schemas, MongoDB collections + users, Kafka topics, Snowflake warehouses + users + roles, Databricks Unity-Catalog catalogs + schemas + SQL warehouses. UI or declarative YAML.
On-demand backups for CNPG, PSMDB, Percona PG, MySQL Operator, AWS RDS, Strimzi MM2. Cron-style schedules for CNPG, PSMDB, Percona PG, AWS RDS. One-click restore with pre-flight validation; PITR for PSMDB.
One-click install for CNPG / PSMDB / MongoDB Community Operator / MySQL Operator (Oracle) / Redis Operator (Spotahome) / K8ssandra / Strimzi / Percona PG / Oracle Database Operator / IBM Db2u Operator. Manifests fetched through SSRF-safe allowlist; cluster-scoped resources require explicit ack.
@dbhelm/sdk lets the community ship provisioners, backups, schedules, objects, SaaS adapters. Backend loads them from ~/.dbhelm/plugins/ at boot.
One-click diagnostics with scored reports, recommendations, and exportable snapshots.
Connect to any database on VMs, bare metal, or cloud with host and port — no Kubernetes required. Includes SaaS-native paths via service-account JSON.
Vacuum, reindex, compaction, cache flush per database. Cron-like automation for recurring tasks.
Configurable alerts on metrics, thresholds, and anomalies with pluggable notification channels.
Complete audit trail of every action — who did what, when, and where. RBAC-gated. State-changing events also mirrored into the GitOps log.
Centralized log viewing with search, filtering, and real-time tailing.
Native builds for macOS, Windows, and Linux. Free, offline-first; opt-in error reporting only.
Every engine below auto-discovers from your Kubernetes clusters; most also work via Direct Connect on VMs you control. MongoDB monitoring targets self-hosted deployments.
+ Oracle, Snowflake, DynamoDB, Cosmos DB, BigQuery, Redshift, Aurora, Db2, SAP HANA, and more
Intelligence
Seven built-in advisors that turn raw telemetry into decisions: what to fix, what to upgrade, what to right-size, what's running hot right now. Plus the AI assistant + Query/Code Optimizer + cross-engine federation + cost dashboard layered on top. Zero setup, works the moment you connect a cluster.
Runbook automation · K8s only
Five pre-built diagnostic playbooks for incidents your team hits at 3am: high CPU, replication lag, connection-pool exhaustion, disk-space alert, slow-query analysis. Auto-runs checks via kubectl exec, surfaces findings ranked by severity. K8s-discovered databases only today.
Failover simulation · K8s only
Score every K8s-discovered database on DR readiness. Evaluate backup freshness, replica health, and failover readiness — then run dry-run failover simulations without touching production. RPO is derived from last snapshot age; RTO is a heuristic from replica count and snapshot size. Direct-connect databases not supported today.
Stop paying for idle pods · K8s only
Find over-provisioned K8s workloads and under-provisioned ones at risk. Compare CPU/memory requests vs actual usage from the metrics-server with concrete, per-pod recommendations and a fleet-wide efficiency score.
Policy-as-code for data · 7 checks today
Build policies from the seven built-in check types — backup configured, alerting configured, replica count, SSL enabled, max connections, resource limits, password policy. Evaluate across every database and produce per-DB pass/fail reports with severity. Policies are session-scoped today; persistent policy storage is on the roadmap.
Same-engine version upgrades without surprises
Detect EOL versions across your fleet via in-pod version probes (psql / mysql / mongosh / redis-cli when K8s; falls back to declared version otherwise), see recommended upgrade paths, and run pre-flight compatibility checks that flag breaking changes before you touch a pod. For moving data between different engines, see Engine Migration in Operations.
See the wall before you hit it · K8s for live metrics
Linear-regression projections for storage, memory, and connections. Every K8s-discovered database gets a days-until-full estimate, a growth rate, and an urgency tier. Trends are session-scoped per process today (~5 min cache); persistent history is on the roadmap. Direct-connect DBs need K8s metrics-server access for full forecasts.
Active queries · K8s only
Real-time view of active queries, slow queries, and client connections for PostgreSQL, MySQL, MongoDB, and Redis. Lock contention is full for PG + MySQL (waits / blocked-by graph), aggregate global stats for MongoDB, and not exposed for Redis (single-threaded — no lock graph). The first place to look when something is slow right now.
Every tool activates automatically when you connect a database. No agents, no extra scrape configs, no PromQL to write.
Every recommendation understands the engine — Galera wsrep, oplog, Patroni HA, Raft, consumer-group lag — not just pod CPU.
All analysis runs locally on your machine. No default telemetry, no cloud roundtrip, no compliance conversation with your security team.
Bring your own OpenAI / Anthropic / Ollama key. Every LLM-suggested query passes through the destructive-op classifier + cost dry-run. The LLM never auto-executes.
Embedded DuckDB attaches Postgres + MySQL Direct Connections as virtual catalogs. Write ANSI SQL across them; joins push down to native scanners.
Counts every database in your fleet — provisioned + K8s-discovered + Direct Connect. Per-table cost attribution drilldown (70% storage + 30% compute). Storage tier ladder (gp2→gp3, io1→gp3, pd-ssd→pd-balanced).
Query Optimizer · Code Optimizer (v1.23) · Index Janitor (v1.25) · Schema Doctor · Autovacuum Pressure Map · Pool Fit (v1.26) · Plan Watch (v1.27) · Cost. Eight focused tools — each does one thing well, ships ready-to-run DDL or recommendations, never executes your data.
MongoDB Atlas, AWS RDS, Confluent Cloud, ClickHouse Cloud and the rest charge 2–4× the raw infrastructure cost for the same hardware. DBHelm gives you the monitoring, backups, DR, and day-2 operations of a managed service on your own cloud — so you pocket the difference.
3 nodes · 16 GB RAM · 100 GB data
$1.04/hr on AWS + backup + egress
3× r6i.large · 300 GB gp3
$5,412 per year
Primary + 2 replicas · 32 GB RAM · 500 GB data
Multi-AZ premium + gp3 + backup
3× r6i.xlarge · 1.5 TB gp3
$7,500 per year
3 brokers · 8 vCPU / 32 GB · 500 GB logs
Base + ingress + egress + storage
3× m6i.2xlarge · 1.5 TB gp3
$22,800 per year
The managed-DB markup is the premium you pay to skip ops work. DBHelm removes most of that work — auto-discovery, monitoring, backups, DR testing, incident playbooks, right-sizing, capacity forecasting — so the markup stops making sense.
Use Cases
Whether you're building a platform, responding to incidents, or optimizing performance — DBHelm adapts to your workflow.
"We need one tool to provision + manage Postgres on RDS, Mongo on K8s, and Kafka via Strimzi — without writing terraform glue and bespoke runbooks."
Give your teams a unified provisioning + management plane. The wizard creates clusters via 17 built-in providers covering every DB-Engines top-10 engine; the declarative state YAML codifies your fleet so a CI pipeline can apply it.
"At 3am when a database is slow, I need engine-level metrics — InnoDB lock waits, replication lag, slow queries — not pod CPU. And I need to query the live DB without fear of running DROP by mistake."
Engine-aware dashboards, the live transaction tracer, the AI assistant that classifies destructive ops before you can run them, and a console that defaults to read-only. Plus the drift detector tells you when live state doesn't match desired.
"I manage Percona on K8s, RDS Postgres, a bare-metal MySQL we want to migrate to Postgres, and we're trying to figure out which managed DB is bleeding money."
On-demand + scheduled backups with one-click restore. MySQL→Postgres migration in three clicks. Eight Optimize tools (Query/Code Optimizer, Index Janitor, Schema Doctor, Autovacuum Pressure Map, Pool Fit, Plan Watch, Cost) cover everything from query rewriting to wraparound emergencies. Cross-engine federation lets you JOIN across Postgres + MySQL DBs without ETL.
Comparison
One control plane across every database you run — not a per-vendor silo, a CLI, or a single-DB GUI.
| Feature | Recommended DBHelm | Managed DBaaS Atlas, RDS, Cloud SQL | kubectl | K8s Dashboards | DB GUIs DBeaver, TablePlus |
|---|---|---|---|---|---|
| Core | |||||
| Kubernetes-native discovery (CRDs / StatefulSets / Helm) | Yes | No | Partial | No | No |
| Direct Connect (VMs / cloud / SaaS) | Yes | No | No | No | Yes |
| 56 discovery engines, all in one app | Yes | No | No | No | Partial |
| Deep engine-level monitoring (oplog / Galera / Patroni) | Yes | Partial | No | No | No |
| Multi-cluster + multi-org RBAC | Yes | Partial | Partial | Yes | No |
| Provisioning | |||||
| Cluster provisioning (17 providers — every DB-Engines top-10 covered) | Yes | Partial | Partial | No | No |
| Operator Hub (one-click install for 10 operators incl. CNPG / PSMDB / MongoDB Community / MySQL / Redis / K8ssandra / Strimzi / Percona PG / Oracle / Db2u) | Yes | No | No | No | No |
| Object admin (databases / roles / schemas / topics) | Yes | Yes | No | No | Partial |
| Intelligence | |||||
| AI assistant on safety rails (BYO key) | Yes | No | No | No | No |
| Cross-engine federation (DuckDB; Postgres + MySQL today) | Yes | No | No | No | No |
| Declarative state YAML (plan / apply / export) | Yes | Partial | No | No | No |
| GitOps event log + replay + drift detector | Yes | No | No | No | No |
| Cost dashboard (full-fleet: provisioned + K8s-discovered + Direct Connect; per-table attribution; gp2→gp3 ladder) | Yes | No | No | No | No |
| Migration engine (MySQL → Postgres in three clicks) | Yes | Partial | No | No | No |
| Query Optimizer (live schema-aware SQL/Mongo rewrites + index DDL) | Yes | Partial | No | No | No |
| Code Optimizer (12-language app-code rewrites; cred redaction) | Yes | No | No | No | No |
| Index Janitor (unused / duplicate / missing-FK indexes with DROP DDL) | Yes | Partial | No | No | No |
| Schema Doctor (missing PKs, missing-FK indexes, high-NULL columns, oversized text) | Yes | No | No | No | No |
| Autovacuum Pressure Map (bloat, stale stats, wraparound emergency) | Yes | No | No | No | No |
| Pool Fit (pg_stat_activity sampling + Fit Score + recommended pool size) | Yes | No | No | No | No |
| Plan Watch (re-EXPLAIN every 30 min; alert on plan-shape change or ≥2× cost jump) | Yes | No | No | No | No |
| DR readiness scoring + dry-run failover (K8s only) | Yes | Partial | No | No | No |
| Capacity forecasting (storage / memory / connections) | Yes | Partial | No | No | No |
| Right-sizing recommendations | Yes | Partial | No | Partial | No |
| Incident playbook automation (5 templates, K8s only) | Yes | No | No | No | No |
| Compliance policy engine + report export | Yes | Partial | No | No | No |
| Operations | |||||
| On-demand + scheduled backups; one-click restore | Yes | Yes | No | No | No |
| Console with deep adapters + safe-by-default queries | Yes | Partial | Partial | Partial | Partial |
| Per-query $-cost preview (BigQuery / Snowflake / Redshift / Databricks) | Yes | No | Partial | Partial | No |
| Plugin SDK (community provisioners + adapters) | Yes | No | No | No | No |
| Runs without a vendor account — free, offline-first, no signup | Yes | No | Yes | Partial | Partial |
Managed DBaaS (Atlas, RDS, Cloud SQL) genuinely wins on hands-off automated backups, failover, and zero-ops scaling — but only for its own single-vendor instances. DBHelm gives you one control plane across every engine, on any infrastructure, with no vendor lock-in. Use both: let managed services run what they run, and use DBHelm to see, query, optimize, and operate the rest of your fleet.
By the numbers
Works with your infrastructure
DBHelm is a desktop app. Your credentials and metadata stay on your machine. Read-only is the default; destructive operations require explicit confirmation.
All credentials and kubeconfigs encrypted at rest in the local SQLite store
DROP / DELETE / TRUNCATE / dropDatabase / TopicDelete blocked until you confirm
Super-admin / admin / read-only roles with org isolation; JWT HS256 + token versioning
Works fully offline. No signup, no account needed. Optional error reporting only.
Don't take our word for it
We're a young project. Instead of fabricated testimonials, here's the proof you can check yourself.
Every release runs the full test suite on Linux + macOS + Windows before binaries are published. Coverage spans destructive-op classification, type mapping, rate-card lookups, federation classification, declarative diffing, replay reconstruction, optimizer prompt builders, EXPLAIN safety, credential redaction, SSRF allowlists, plugin sandboxing.
See full release historyEvery release ships with a per-feature changelog: what shipped, what's in beta, what we cut. No vapor — what's on the changelog is what's in the binary you download. The roadmap calls out planned (🗓️) and in-flight (🔨) work too.
Read the changelogmacOS DMG, Windows installer, Linux AppImage + .deb published on every tag, with auto-updater wired in. No signup, no email gate, no credit card. Try it before you trust it.
Download v1.63.2Used DBHelm and want to share your experience? Email hello@dbhelm.com — we'd love to feature real quotes from real users instead of inventing them.
Pricing
DBHelm is free, forever, to connect, query, monitor, advise and optimize your databases. DBHelm Platform adds provisioning, backups, automation and governance.
Actively expanding — everything above is live today; new operate-layer capabilities ship every release.
See plans & start a trialFAQ
More questions? Reach out at hello@dbhelm.com
Get Started
Download DBHelm and get full visibility into your entire database infrastructure in under two minutes. Free to start.
macOS · Windows · Linux · Free to start · No signup