Open Source · Self-Hosted · Your Database

Secured by the database.
Not by middleware.

Authorization in Rebase is Postgres row-level security, enforced by the database itself — and it fails closed: a table without RLS is refused, never leaked. Self-hosted, open-source, and your data never touches our servers.

Security Principles

Three pillars that define how Rebase handles your data.

Your Data Stays Put

Rebase connects to your PostgreSQL database. Your data never leaves your infrastructure — it's your server, your database, your rules.

Database-Level Enforcement

Row-Level Security policies, role-based access control, and JWT authentication — defined in code, enforced by PostgreSQL.

Fully Auditable

The Rebase server is open-source under the MIT license. Audit the code, inspect every query, verify every permission check. No black boxes.

Data Sovereignty

Your Data, Your Infrastructure

Unlike SaaS platforms that ingest and control your data, Rebase connects directly to your own PostgreSQL database.

No Data Migration Required

Rebase introspects and adapts to your existing schema.

Zero Vendor Lock-in

Stop using Rebase anytime — your data stays exactly where it is.

Direct Infrastructure Access

Full control over your PostgreSQL database, backups, and infrastructure.

rebase-introspect

Connect to Your Postgres Database

Point Rebase at your connection string. Everything runs on your infrastructure.

DATABASE_URL
Status: Connected
v3.1.2
Database-Level Enforcement

Row-Level Security

Define who can read, create, update, and delete each row — enforced directly by PostgreSQL. Policies are written as code in your schema, version-controlled, and applied via migrations. No middleware, no ORM hacks. And it fails closed: a table without RLS has no authorization model, so Rebase refuses to serve it — and prints the exact SQL to protect it at boot. There is no auth check to forget.

rls-policies.ts
Synced with database
Roles & Permissions

Role-Based Access Control

Define roles in your schema — admin, editor, viewer, or any custom role you need. Each role gets granular permissions per collection.

Per-collection permissions — SELECT, INSERT, UPDATE, DELETE per role per collection.

RLS integration — Policies can reference the current user's role for row-level filtering.

JWT authentication — Stateless token-based auth with configurable expiry and refresh.

roles
Row Level Security
role === 'admin'ALL
role === 'editor'SELECT, UPDATE
public
DENIED
Self-Hosted

Deploy on Your Terms

Run Rebase wherever you want. No proprietary cloud required.

Your Database

Run PostgreSQL anywhere — AWS RDS, Supabase, Neon, a VPS, or your own hardware. Rebase connects to it; you own it.

Your Server

Deploy the Rebase backend as a Node.js process or Docker container. Railway, Render, Fly.io, or bare metal — your call.

Your Rules

Auth, RLS policies, and API permissions live in your codebase. Review them in PRs, version them in Git, enforce them in CI.

Designed for Compliance

Because your data stays in your own database, compliance with GDPR, CCPA, and other privacy regulations is simpler by design.

You Are the Data Controller

You maintain direct control and legal responsibility for your end-user data. No third-party processor involved.

Direct Data Access

Fulfill access and deletion requests directly from your database — no support tickets, no waiting on a vendor.

Data Residency Control

Choose your PostgreSQL deployment region to meet residency requirements. EU, US, or anywhere else — your choice.

Ready to Give It a Try?

Use Rebase to keep your data sovereign while delivering powerful content management.