What I really like here is that rmBug solves a serious problem in a way that feels practical, not performative. A lot of teams talk about security, compliance, and auditability, but once you get close to the database layer, things often become messy very fast. Shared accounts, poor traceability, and a lot of hand-waving around who actually accessed what and why.
rmBug feels like one of those products built by people who have actually lived through that pain. The proxy approach makes a lot of sense because it lowers adoption friction dramatically. Changing one connection string is a very different conversation from redesigning half your stack. On top of that, the focus on tying access to real people or named agents, with a proper audit trail, is exactly the kind of thing that should already exist everywhere, but usually does not.
What makes it especially compelling is that it is not trying to win through feature bloat or enterprise theater, but through clarity, usability, and a realistic pricing mindset.
Hello hello. Mario here, one of the founders behind rmBug.
The domain has been sitting there for a while, waiting for a real problem and the right team. Secure data access turned out to be both. Luka and I kept running into it at every organization we worked in or worked with. Solutions exist, but they're either enterprise-only, require you to self-host, hide pricing behind a "contact us" wall, or they exist because of a recent wave they're hoping to ride.
We want to make database access security as simple as 1-2-3. Today that starts with MySQL and PostgreSQL, with identity-based access for engineers, support teams, and AI agents out of the box. Every connection is tied to a real person or a named agent, with a full audit trail. From here, we want to expand into other areas that touch your data, with your input. Think end-customers with GDPR requests, third-party vendor access, compliance workflows. We want to build this because we know how it feels to not have it. All while keeping an affordable price tag.
Happy to hear any feedback, jump on a call, or have you as a user. Let's make rmBug the standard for secure data access.
Hey, Luka here, the other half of rmBug.
The thing Mario's being polite about is that most database security today is basically theater. You set up SSO for your apps, IAM for your cloud, mTLS between your services, and then your database authenticates everyone as app_readonly. Twenty engineers, three microservices, and a contractor whose access was never revoked, all showing up as the same account.
I spent twenty years running infrastructure for companies dealing with HIPAA, SOC 2, and production databases that hundreds of people touched daily. The tools either cost six figures, took months to deploy, or made developers find workarounds instead of using them. I kept waiting for someone to build the obvious thing. Nobody did, so here we are.
We're building a proxy layer that fixes this without requiring you to rewire your stack. Connect through rmBug the same way you'd connect directly, using psql, DataGrip, dbt, whatever. Every session gets tied to a real person or a named agent. The migration is "change one connection string," not a quarter-long project.
Starting with MySQL and PostgreSQL. If you've ever had an incident review where someone asked "who ran that query?" and nobody could answer... come talk to us.
OpenOwl
The proxy approach is smart honestly. Nobody wants to rewire their whole stack just to get audit trails. Being able to just swap the connection string and suddenly every query is tied to an actual person is pretty huge.
Curious about the AI agent angle you mentioned. How does that work exactly? Like if I have an automated script hitting the DB, does it show up as a named agent or just another generic connection?
@mihir_kanzariya Excellent question! You get an agent-specific token, can name it however you want, and pretty much everything that agent does is attributed to the agent and logged (among other things). Agents can have policies which are different than human policies too.
The way the system works is you can have 100s of agent members (one for ci-x, one for ci-y, one for Claude Code, etc.) where we charge you only for the max concurrent number of agent connections at once (can be limited in the dashboard) rather than the number of agents you have in the system.
Hope this helps!