Use Neon as your dev environment for AWS RDS: accelerate your workflow while reducing costs

Protected branches

Learn how to use Neon's protected branches feature to secure access to critical data

Neon's protected branches feature lets you apply IP restrictions to specific branches in your Neon project as an added layer of data protection. The following retsrictions also apply to protected branches:

  • Protected branches cannot be deleted.
  • Protected branches cannot be reset.
  • Projects with protected branches cannot be deleted.
  • Computes associated with a protected branch cannot be deleted.

You have to remove branch protection before you can perfom these actions. See Remove branch protection.

The protected branches feature is available with the Neon Scale plan.

How to set up protected branches

The protected branches feature works in combination with Neon's IP Allow feature. The basic setup steps are:

  1. Define an IP allowlist for your project
  2. Restrict IP access to protected branches only
  3. Set a branch as protected

Define an IP allowlist for your project

To configure an allowlist:

  1. Select a project in the Neon Console.
  2. On the Neon Dashboard, select Project settings.
  3. Select IP Allow. IP Allow configuration
  4. Specify the IP addresses you want to permit. Separate multiple entries with commas.
  5. Optionally, select Allow unrestricted access to non-default branches to allow full access to your non-default branches.
  6. Click Save changes.

For details about specifying IP addresses, see How to specify IP addresses.

Restrict IP access to protected branches only

After defining an IP allowlist, the next step is to select the Restrict access to protected branches only option.

IP Allow configuration

This option removes IP restrictions from all branches in your Neon project and applies them to protected branches only.

After you've selected the protected branches option, click Save changes to apply the new configuration.

Set a branch as protected

The last step in the setup is to designate a branch as protected. We'll define a single branch as protected in this example, but you can have up to 5 protected branches.

To set a branch as protected:

  1. In the Neon Console, select a project.

  2. Select Branches to view the branches for the project.

    Branch page

  3. Select a branch from the table. In this example, we'll configure our default branch main as a protected branch.

  4. On the branch page, click the More drop-down menu and select Set as protected.

    Set as protected

  5. In the Set as protected confirmation dialog, click Set as protected to confirm your selection.

    Set as protected confirmation

    Your branch is now designated as protected, as indicated by the protected branch shield icon, shown below. Only the trusted IP addresses on your IP allowlist will be able to connect to this branch.

    important

    With this configuration, there is no restriction on IP access to the other branches in your project.

    Branch page badge

    The protected branch designation also appears on your Branches page.

    Branches page badge

Remove branch protection

Removing a protected branch designation can be performed by selecting Set as unprotected from the More drop-down menu on the branch page.

Need help?

Join our Discord Server to ask questions or see what others are doing with Neon. Users on paid plans can open a support ticket from the console. For more detail, see Getting Support.

Last updated on

Edit this page
Was this page helpful?