Make Postgres Standard and Premium plans optionally not open to connections from public internet

[friism]

Required Terms

• [X] I agree to follow this project's Code of Conduct
• [X] I have read and accept the Salesforce Program Agreement

What service(s) is this request for?

postgresql

Tell us about what you're trying to solve. What challenges are you facing?

Currently, all non-Private Space database plans can be connected to from the public internet (secured with encryption and requiring authentication). Only when moving to Private Spaces do we support the option of databases that are not open to the internet.

As an option, we should support creating databases used with Common Runtime apps that are not available on the public internet.

[chillu]

Honestly, this is one of the major factors currently pulling us away from Heroku. We're on Enterprise, and don't really need 95% of Private Spaces features apart from this one. For now, we rotate credentials on each deployment (made very easy through Heroku!) as a mitigating control, but it feels wrong to have your database exposed on a public network.

[amrikr]

@chillu: FWIW, the Borealis Isolated Postgres add-on does exactly what you're looking for and it doesn't require Heroku Enterprise.

[jbrown-heroku]

Thank you for raising this issue. As we are building the next-generation Heroku database platform, we want to build this feature in as an option. Once we are closer to the delivery, I will update, but target is 2025 March.