Feature Requests

The MD WebUI allows the use of SSO in order to present the user with a login challenge in order to access an MD environment. However the local development story uses a permanent non-expiring token that must be either repeatedly added to an environment variable or written to a local .env file to activate before use. This presents a couple of security smells in which either the device is compromised or the local file is accidentally checked into a code repository on accident. A widely used and more secure pattern would be to have a mechanism to login via SSO and have an time-bound (24 hours) token written to a local file that MD is capable of reading. In this way we can still reap the benefits of repeated use of a single token, while also limiting the potential blast radius of accidentally committing the token. We can maintain a zero trust security policy and challenge users to login in order to obtain their time bound access tokens. An example of this is AWS SSO which challenges the user to login via their SSO identity provider and then issues a time-bound set of AWS credentials to the ~/.aws/sso/cache. This is part of the AWS credential chain that the AWS CLI and libraries understand how to read and use.

Add DDL to rename a database. Actual syntax TBD, but we could do either: ALTER DATABASE <database> SET NAME = <name>; RENAME DATABASE <database> to <name>;

MotherDuck should be able to write data into Iceberg tables. Please include other details that would help in your use cases!

It would be good to see all running queries on a duckling and to be able to cancel them. (Similar to show full processlist in mysql for example).

Add query history to the UI and INFORMATION_SCHEMA, details TBD. Should include query properties like job type (SQL, INSERT, etc). If INSERT or similar - data source (files, path etc).

Query MotherDuck through an http REST request that passes in a SQL string and receives the results. Please comment with the specifics of what you would like to see with this API!

Need to secure the network connection between motherduck and AWS vpc.

DDL to download a database from MotherDuck to local. Should also come with a UI counterpart.

It would be good to support 2FA, possibly through an app like Authy. Created on behalf of John Apps.

MotherDuck should support the creation of federated connections to other systems. Initially, this would allow for use the various oltp scanners (PostgreSQL, MySql, Sqlite, etc) but could allow for other types of data stores and catalogs.