菜单
Configure DigitalOcean Managed MySQL, MongoDB, Valkey, Kafka, and OpenSearch for App Platform. Use when setting up non-PostgreSQL databases, configuring trusted sources, or troubleshooting database connectivity.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Routes DigitalOcean App Platform tasks to specialized sub-skills. Use when working with App Platform deployments, migrations, database configuration, networking, or troubleshooting.
Configure DigitalOcean Managed Postgres with bindable variables or schema isolation. Use when setting up databases, creating users, managing permissions, configuring multi-tenant schemas, or troubleshooting database connectivity on App Platform.
Migrate applications from Heroku, AWS, Render, Railway, Fly.io, or Docker Compose to DigitalOcean App Platform. Use when converting existing apps, mapping services, refactoring platform-specific code, or creating app specs from other platform configurations.
Configure DigitalOcean Gradient AI serverless inference and Agent Development Kit. Use when adding LLM inference, model access keys, serverless AI endpoints, or building AI agents with ADK on App Platform.
Deploy applications to DigitalOcean App Platform via GitHub Actions with proper environment management and secrets handling. Use when setting up CI/CD pipelines, configuring staging/production environments, managing deployment secrets, or creating GitHub Actions workflows.
Transform natural language application descriptions into production-ready DigitalOcean App Platform specifications. Use when designing apps, creating app specs, generating deploy.template.yaml, or architecting multi-component applications.
| name | managed-db-services |
| version | 1.0.0 |
| min_doctl_version | 1.82.0 |
| description | Configure DigitalOcean Managed MySQL, MongoDB, Valkey, Kafka, and OpenSearch for App Platform. Use when setting up non-PostgreSQL databases, configuring trusted sources, or troubleshooting database connectivity. |
| related_skills | ["designer","networking"] |
| deprecated | false |
Configure DigitalOcean Managed MySQL, MongoDB, Valkey (Redis), Kafka, and OpenSearch for App Platform applications.
Which database engine?
├── PostgreSQL → Use the postgres skill instead
├── MySQL → See reference/mysql.md
├── MongoDB → See reference/mongodb.md
├── Valkey/Redis → See reference/valkey.md
├── Kafka → See reference/kafka.md (⚠️ trusted sources limitations)
└── OpenSearch → See reference/opensearch.md
Tip: For complex multi-step deployments, use the planner skill. For an overview of all skills, see root SKILL.md.
| Constraint | Impact |
|---|---|
| Dev databases | PostgreSQL only — MySQL/MongoDB/Kafka/OpenSearch require production: true |
| Build-time DB access | ❌ Trusted sources block build phase — use PRE_DEPLOY job for migrations |
| Kafka trusted sources | IP-based only (ip_addr:); app-based (app:) NOT supported |
| OpenSearch logging | ❌ NOT supported with trusted sources enabled |
| MongoDB db_name | Cannot contain capital letters in app spec |
| Network Mode | Rule Type | Supported Engines |
|---|---|---|
| Public | app:$APP_ID | MySQL, MongoDB, Valkey, OpenSearch |
| Public | app:$APP_ID | ❌ Kafka (not supported) |
| VPC | ip_addr:<vpc-cidr> | All engines |
| VPC | app:$APP_ID | ❌ None (app rules whitelist public IP only) |
VPC deployments: Use VPC CIDR (
ip_addr:10.126.0.0/20) — simpler than per-app IPs.See networking skill - Trusted Sources for complete configuration.
databases:
- name: db # Component name (used in ${db.VAR_NAME})
engine: <ENGINE> # MYSQL, MONGODB, REDIS, KAFKA, OPENSEARCH
production: true # REQUIRED for bindable variables
cluster_name: my-cluster # Must match existing cluster name
db_name: myappdb # Database within cluster (where applicable)
db_user: myappuser # User created via doctl
| Variable | Description |
|---|---|
${db.DATABASE_URL} | Full connection string (PUBLIC hostname only!) |
${db.HOSTNAME} | Database host (PUBLIC hostname only!) |
${db.PORT} | Database port |
${db.USERNAME} | Database user |
${db.PASSWORD} | Database password (auto-populated) |
${db.DATABASE} | Database name |
${db.CA_CERT} | CA certificate for TLS |
VPC Note: Bindable variables return PUBLIC hostnames even with VPC enabled. For private endpoints, add separate
*_PRIVATE_*environment variables with hardcoded private hostnames.
| Engine | App Spec | Port | Protocol | Key Notes |
|---|---|---|---|---|
| MySQL | MYSQL | 25060 | mysql://...?ssl-mode=REQUIRED | Full guide |
| MongoDB | MONGODB | 27017 | mongodb+srv://...?tls=true&authSource=admin | Full guide |
| Valkey | REDIS | 25061 | rediss:// (with SSL) | Full guide |
| Kafka | KAFKA | 9093 | SASL/SCRAM-SHA-256 | Full guide |
| OpenSearch | OPENSEARCH | 25060 | https:// with basic auth | Full guide |
# 1. Create cluster + user
doctl databases create my-mysql --engine mysql --region nyc3 --size db-s-1vcpu-2gb --version 8
CLUSTER_ID=$(doctl databases list --format ID,Name --no-header | grep my-mysql | awk '{print $1}')
doctl databases db create $CLUSTER_ID myappdb
doctl databases user create $CLUSTER_ID myappuser
# 2. Add to trusted sources
APP_ID=$(doctl apps list --format ID,Spec.Name --no-header | grep my-app | awk '{print $1}')
doctl databases firewalls append $CLUSTER_ID --rule app:$APP_ID
# 3. Reference in app spec
databases:
- name: db
engine: MYSQL
production: true
cluster_name: my-mysql
db_name: myappdb
db_user: myappuser
services:
- name: api
envs:
- key: DATABASE_URL
scope: RUN_TIME
value: ${db.DATABASE_URL}
Full guide: See mysql.md
doctl databases create my-mongo --engine mongodb --region nyc3 --size db-s-1vcpu-2gb --version 7
CLUSTER_ID=$(doctl databases list --format ID,Name --no-header | grep my-mongo | awk '{print $1}')
doctl databases user create $CLUSTER_ID myappuser
doctl databases firewalls append $CLUSTER_ID --rule app:$APP_ID
databases:
- name: db
engine: MONGODB
production: true
cluster_name: my-mongo
db_user: myappuser
services:
- name: api
envs:
- key: MONGODB_URI
scope: RUN_TIME
value: ${db.DATABASE_URL}
Full guide: See mongodb.md
doctl databases create my-valkey --engine redis --region nyc3 --size db-s-1vcpu-2gb --version 7
CLUSTER_ID=$(doctl databases list --format ID,Name --no-header | grep my-valkey | awk '{print $1}')
doctl databases firewalls append $CLUSTER_ID --rule app:$APP_ID
databases:
- name: cache
engine: REDIS
production: true
cluster_name: my-valkey
services:
- name: api
envs:
- key: REDIS_URL
scope: RUN_TIME
value: ${cache.DATABASE_URL}
Full guide: See valkey.md
Warning: Kafka does NOT support
app:$APP_IDtrusted source rules. Use VPC + IP-based rules or disable trusted sources.
doctl databases create my-kafka --engine kafka --region nyc3 --size db-s-2vcpu-4gb --version 3.7
CLUSTER_ID=$(doctl databases list --format ID,Name --no-header | grep my-kafka | awk '{print $1}')
doctl databases topics create $CLUSTER_ID my-topic --partition-count 3 --replication-factor 2
databases:
- name: kafka
engine: KAFKA
production: true
cluster_name: my-kafka
services:
- name: api
envs:
- key: KAFKA_BROKER
scope: RUN_TIME
value: ${kafka.HOSTNAME}:${kafka.PORT}
- key: KAFKA_USERNAME
scope: RUN_TIME
value: ${kafka.USERNAME}
- key: KAFKA_PASSWORD
scope: RUN_TIME
value: ${kafka.PASSWORD}
- key: KAFKA_CA_CERT
scope: RUN_TIME
value: ${kafka.CA_CERT}
Full guide: See kafka.md
Warning: Logging to OpenSearch requires trusted sources to be disabled.
doctl databases create my-opensearch --engine opensearch --region nyc3 --size db-s-2vcpu-4gb --version 2
CLUSTER_ID=$(doctl databases list --format ID,Name --no-header | grep my-opensearch | awk '{print $1}')
doctl databases user create $CLUSTER_ID myappuser
doctl databases firewalls append $CLUSTER_ID --rule app:$APP_ID
databases:
- name: search
engine: OPENSEARCH
production: true
cluster_name: my-opensearch
db_user: myappuser
services:
- name: api
envs:
- key: OPENSEARCH_URL
scope: RUN_TIME
value: https://${search.USERNAME}:${search.PASSWORD}@${search.HOSTNAME}:${search.PORT}
Full guide: See opensearch.md
# List all database clusters
doctl databases list
# Get cluster details
doctl databases get <cluster-id>
# Create user (DO manages password)
doctl databases user create <cluster-id> <username>
# List users
doctl databases user list <cluster-id>
# Create database within cluster
doctl databases db create <cluster-id> <db-name>
# Get connection details
doctl databases connection <cluster-id>
# Trusted sources (firewall)
doctl databases firewalls append <cluster-id> --rule app:<app-id>
doctl databases firewalls list <cluster-id>
| Error | Cause | Fix |
|---|---|---|
| "Connection refused" | App not in trusted sources | doctl databases firewalls append <cluster-id> --rule app:<app-id> |
| "Access denied" | User permissions not set | Grant permissions via SQL or recreate user |
| Bindable vars empty | Missing production: true | Add production: true to database block |
| SSL required | Connection string missing SSL | Add ?ssl-mode=REQUIRED (MySQL), ?tls=true (MongoDB), use rediss:// (Valkey) |
| Kafka connection fails | Using app: rule | Kafka only supports ip_addr: rules — use VPC or disable TS |
Use the postgres skill for:
This skill is for straightforward single-database setups with MySQL, MongoDB, Valkey, Kafka, or OpenSearch.
| Skill | Integration |
|---|---|
| designer | Generates databases: block in app spec |
| deployment | No additional secrets needed — bindable vars handle credentials |
| networking | VPC + trusted sources configuration |
| troubleshooting | Debug container for connectivity testing |