HN Reader

Ask HN: Data engineers, What suck when working on exploratory data-related task?

8 points by robz75 12h ago 12 comments

Ask HN: You have $35,000 how do you invest it?

12 points by asim 14h ago 29 comments

Is there a way to run an LLM as a better local search engine?

4 points by oblio 15h ago 13 comments

BMW ConnectedDrive lets me control my returned rental car (Sixt)

85 points by derturm666 1d ago 52 comments

Is GitHub Down?

38 points by Mahn 1d ago 23 comments

Ask HN: Tech people who are self employed. How do you do it?

15 points by throwaway_owe98 1d ago 6 comments

GitHub API Is Down

17 points by carstonh 1d ago 5 comments

Ask HN: What cool skill or project interests you, but feels out of reach?

125 points by akktor 9d ago 263 comments

Ask HN: How to Deal with a Bad Manager?

83 points by finik_throwaway 1d ago 77 comments

What newspaper are you paying for these days?

10 points by mynti 1d ago 32 comments

Job searching and torrent-related homelab infra

2 points by McAlpine5892 1d ago 3 comments

Ask HN: How do I give back to people helped me when I was young and had nothing?

395 points by jupiterglimpse 5d ago 206 comments

Tell HN: Help restore the tax deduction for software dev in the US (Section 174)

2431 points by dang 9d ago 905 comments

Ask HN: In a guide to inner work for founders and engs, what topics to cover?

3 points by cjbarber 1d ago 3 comments

What does it mean to use C++ in the front end?

11 points by AliceHe2003 1d ago 2 comments

Ask HN: What is your fallback job if AI takes away your career?

93 points by 7402 5d ago 191 comments

PSA: iwantmyname is utterly broken

5 points by kelstar18 1d ago 2 comments

Ask HN: Is there an AI bot that works like a literate programming build step

16 points by bryanrasmussen 3d ago 12 comments

Ask HN: How to learn CUDA to professional level

248 points by upmind 10d ago 82 comments

Engineers at our startup don't build features anymore

13 points by s4293918 2d ago 18 comments

Ask HN: Genuine alternatives to Google and Apple for releasing paid apps

22 points by asjdflakjsdf 4d ago 13 comments

Ask HN: Prevent Secrets from Committing to Repos

6 points by abhijais1 3d ago 14 comments

Ask HN: Is ageism in tech still a problem?

149 points by leonagano 5d ago 186 comments

Ask HN: Casual Math Book Suggestions

14 points by vriendspookstem 5d ago 7 comments

Ask HN: Seeking ways to improve my planning skills and follow-through

22 points by skuuuLaPoo 5d ago 10 comments

Ask HN: Minecraft's UI element style (vs. modern flat glass interface)

20 points by xeonmc 6d ago 17 comments

Show HN: VeilStream – prod-like data without the PII

18 joram87 10 6/18/2025, 2:06:36 PM app.veilstream.com ↗
# TL;DR We built VeilStream, a drop-in, read-only PostgreSQL proxy that strips, masks, or anonymizes sensitive values as queries stream through. In less than two minutes, you can put a proxy in front of a PostgreSQL database, whether hosted on your laptop, Neon, Supabase, or a cloud provider, and the user is able to start configuring filter rules.

The use cases we're trying to solve are:

- Production-like data in development environments

- Improve incident handling by masking all data that is not relevant

- Share a subset of your data

- Protecting data being shipped into a data lake

- Safe data to expose in internal tooling, metrics, or BI dashboards

- Empower non-technical staff to vibe-code against sanitized data

# How it fits in your stack

- Role based policies: define masking rules in our web dashboard

- The proxy picks up the configuration and starts applying rules automatically.

## You host it

- it's a docker container, two environment variables: an api key, and the database URI connection

## We host it

- Drop-in proxy: no code changes. Point your connection string at a new endpoint, that's it.

# How it works (and how fast it is)

Restructuring the query AST based on the config. AST rewrites depend on the text/structure of the query, not on how many rows the database eventually returns, so they are effectively O(1) with respect to result size.

# Status & feedback wanted

VeilStream is GA, but billing isn’t switched on yet so it's currently free at all tiers. We’d love your thoughts on:

- throughput / latency in real workloads

- Filter rules & DevX

- weird edge-case queries (pg_dump, logical replication, etc.)

I’ll be around all day to answer questions and dig into issues.

# tagline

Ship features with data you can trust and privacy you don't have to worry about.

Comments (10)

Brycee · 8h ago
This looks awesome! A couple questions though:

How do you handle connection pooling? Does this interfere with pgbouncer or similar tools?

Also, does this work with all PostgreSQL extensions (PostGIS, timescaledb, etc.)?

joram87 · 8h ago
Good questions.

We do not do connection pooling yet. currently it's a fresh connection per query (which adds a bit of latency). We're intending to add basic connection pooling shortly after launch. That said, if you put it in-front of pgbouncer, that would work well.

PostGIS and other extensions are on the radar, but currently are not supported. The proxy works with the extensions, but can't mask the data yet. If we get requests for specific extensions to be fully supported, we'll implement (same with extra masking data types). I look forward to the GIS data implementation, as I've met one of the postGIS contributors and have discussed several of those masking complexities.

Ksbt · 5h ago
Super promising. What data types can Veilstream handle? Like can I mask nested jsonb, uuids, IP addresses, arrays? Would be wild if adding new filters was fast enough to support weird internal schemas or bespoke pii.
joram87 · 4h ago
- jsonb : kinda, we do static json replacement, with more complex rules on the horizon, where you could replace some regex-like path with a random func.

- uuids: no, but I should. adding to my list :)

- ip addresses: yes ip4 and ip6, but I want to go further and let you configure the replacement ips to be within specified cidr blocks

- arrays: again, not yet. Do you mind if I ask the use case? Arrays are commonly done as single rows and foreign keys/look ups, which we can do.

We've internally got the path for adding new filter types (dashboard configuration, api layer storage, and proxy rule implementation) pretty optimized. it takes us a day or two to add simple requested filters. longer for more complex ones.

Ksbt · 4h ago
Beauty. For arrays was thinking of semi-structured stuff in audit logs or embedded tags, but yeah, can probably reshape upstream. Awesome to see the path to custom filters is already so streamlined.
joram87 · 3h ago
re: streamlining the custom filters

we were considering allowing the user to inject stored procedures themselves, and then use those, but currently, we're opting to implemented them ourselves, so we have better control over the user experience. In the future, for very custom stored procedures, I think we may allow the custom path.

5hawnaActually · 4h ago
Very cool. Is there a way to only mask/obfuscate some of the data? i.e. Mask the email in rows where the country column is country X?
joram87 · 4h ago
Oh yes! We made that possible through conditionals. We default to unconditional modification, but if you toggle the conditional option, you can provide a list of conditions which, if they all pass, trigger the modifications.

A future improvement to that: currently the conditions are all ANDed together, I'd like to support more types of boolean logic in the future. :)

PeterZaitsev · 8h ago
Is there GitHub link or something ? Right now as I follow the link all it wants is for me to "login" before showing anything at all
joram87 · 8h ago
ah yeah, I linked the web app, the landing page is here: https://www.veilstream.com/ Currently we don't have much publicly on the GitHub page.