zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. fhub+gz[view] [source] 2026-01-14 20:53:17
>>nico+(OP)
Our solve is to allow it to work with a local dev database and it's output is a script. Then that script gets checked into version control (auditable and reviewed). Then that script can be run against production. Slower iteration but worth the tradeoff for us.

Giving LLM even read access to PII is a big "no" in my book.

On PII, if you need LLMs to work on production extracted data then https://github.com/microsoft/presidio is a pretty good tool to redact PII. Still needs a bit of an audit but as a first pass does a terrific job.

◧◩
2. hephae+nY[view] [source] 2026-01-14 22:30:22
>>fhub+gz
Agreed - I run an entire second dev environment for LLMs.

Claude code runs in a container, and I just connect that container to the right network.

It's nice to be able to keep mid-task state in that environment without stepping on my own toes. It's easy to control what data is accessible in there, even if I have to work with real data in my dev environment.

[go to top]