zGate Logo
Knowledge Hub

Stop trusting passwords.
Start trusting identity.

zGate is the zero-trust gateway that sits between your team and your databases — short-lived credentials, every query governed and audited, PII masked at the wire. Here's how to get value in minutes.

1:30

Intro video coming soon — the Pain → Solution → Action story, in 90 seconds.

What the 90-second tour covers
0:00 – 0:20

The Pain Point

Teams still share one database password. It never rotates, every query runs unchecked, and when an auditor asks who saw the customer PII — nobody can say.

0:20 – 1:00

The zGate Solution

Log in with SSO and get a short-lived per-session credential from Vault. Every query is intercepted — the Parser reads its structure, the AI flags PII and anomalies, the Server enforces policy and masks sensitive columns at the wire, and writes a full audit record.

1:00 – 1:30

The Call to Action

Stop trusting passwords. Start trusting identity. Start your free trial at z-gate.dev — hosted in minutes, or self-host with Docker.

5-Minute Quick Win

~5 min

Run your first governed query and see zero-trust access live. No infrastructure changes to your apps — just three steps.

1

Install & log in

Grab the CLI and authenticate with your identity provider — no password is ever stored locally.

zgate login
2

Open a database

Launch the TUI, list what you can reach, and open a secured local tunnel to a demo database.

/connect demo-db
3

Run your first analysis

Point any client at the local port and query. PII columns come back masked, and the query lands in the audit log within seconds.

SELECT * FROM customers;
Need the full install walkthrough?Read the docs

Built for your whole team

Whatever your role, zGate meets you where you work. Pick your path below.

The Developer

Stay in your workflow

  • Native CLI + interactive TUI — connect in seconds
  • Works with DBeaver, DataGrip, mysql, psql & sqlcmd over a local 127.0.0.1 tunnel
  • Headless zgate tunnel for CI/CD pipelines
  • mTLS + SSO handled for you — no VPN, no shared secrets
Explore the CLI docs

The DevOps / Admin

Control without friction

  • Deploy hosted SaaS or on-prem Docker Compose (Vault + Keycloak)
  • RBAC roles: super, db_admin, policy_admin, auditor
  • Query allow/deny policies, rate limits & a JIT approval queue
  • Short-lived, Vault-issued credentials across MySQL, PostgreSQL & MSSQL
Start a free trial

The Decision Maker

Provable governance

  • Every connection & query audited — NDJSON exports straight to your SIEM
  • AI-driven PII masking and anomaly detection
  • Data sovereignty: self-host with secrets in your own Vault, optional local-only LLM
  • Eliminate shared credentials to shrink breach and audit risk
Start a free trial

How zGate works

zGate is one system made of focused parts. A query never reaches your database unvetted: the Server is the central interception point, calling the Parser and AI as it goes, then storing an audit record the WebUI renders. Here's the journey, end to end.

Capture
Client + CLI
Query enters the gateway over an mTLS + OIDC tunnel
Intercept
zGate Server
Authenticates, then runs the interception pipeline
Analyze
Parser
T-SQL structure & safety
AI
PII & anomaly scoring
Enforce & Store
Audit Store
Policy + masking applied; encrypted audit record written
Display
WebUI
Admins review sessions, policies & alerts

Choose your path

Fastest

Hosted (SaaS)

Spin up zGate at z-gate.dev in minutes. We run Vault, Keycloak, and the observability stack — you bring your databases.

  • No infrastructure to manage
  • Automatic updates & monitoring
  • Ideal for fast evaluation & pilots

On-Premise

Run the full stack in your own environment on any Azure Virtual Machine or Linux server. Use our Linux system administration installer to bring up Vault, Keycloak, and every service in minutes.

  • Secrets never leave your infrastructure
  • Optional local-only LLM (Ollama) — no external API calls
  • Complete data sovereignty & audit control

Need help?

General Inquiries

Questions about zGate, pricing, or partnerships? Talk to a human.

Technical Support

Setup help, deployment questions, or something not working? We respond fast.

Ready to trust identity, not passwords?

Get hands-on in minutes — hosted, or self-host with Docker.

    Database Access Control