Secrets and Connection Pool Fix - What You Need to Know

⚠️ Critical: Secrets Cannot Fix This Issue

The connection pool exhaustion is NOT caused by missing or incorrect secrets.

The root cause is that your Cloud SQL instance (db-f1-micro) is too small - it only supports ~25 connections, but you need ~64 connections.

Secrets in `deploy-metabase.yml` Workflow

Secrets That Exist (But Don't Control Connection Pools)

Looking at the Metabase deployment workflow, these secrets are used:

METABASE_POOL_MAX (Optional, Line 469)
- Status: Referenced but DOES NOT ACTUALLY CONTROL Metabase's connection pool
- Purpose: Only used for logging/reference in the workflow
- Reality: Metabase uses HikariCP defaults (~10-15 connections per instance) which cannot be easily configured via environment variables when using MB_DB_* connection variables
- Action: You can ignore this secret - setting it won't change anything
Required Metabase Secrets:
- METABASE_DB_CONNECTION_URI - Database connection (required)
- METABASE_SITE_URL - Public URL (optional but recommended)
- METABASE_EMBED_SECRET_KEY - JWT secret (required)
- MB_ANON_TRACKING_ENABLED - Optional (defaults to false)
- MB_ENABLE_PUBLIC_SHARING - Optional (defaults to false)

What Actually Controls Metabase Connections

Instance scaling: --max-instances=2 in the workflow (Line 512)
Already optimized: Metabase is already set to 2 max instances

The Real Fix: Upgrade Cloud SQL Instance

The issue is your Cloud SQL instance tier, not secrets:

# Upgrade the instance (this is the real fix)
gcloud sql instances patch metabase-db-staging \
  --tier=db-g1-small \
  --project=barto-dev

Current: db-f1-micro → ~25 max connections
Needed: db-g1-small → ~100 max connections
Your usage: ~64 connections

Temporary Mitigation (Backend Only)

If you cannot upgrade immediately, you can reduce backend connection usage (NOT in the Metabase workflow):

In GitHub Secrets → staging environment:

DB_POOL_MAX=2

This reduces backend connections from 30 (10 instances × 3) to 20 (10 instances × 2), saving 10 connections.

Note: This secret is used in the backend deployment workflows (deploy-staging-from-main.yml and deploy-production.yml), NOT in the Metabase workflow.

Summary

Secret	Workflow	Does It Help?	Action
`METABASE_POOL_MAX`	`deploy-metabase.yml`	❌ No	Ignore - doesn't actually control pool
`DB_POOL_MAX`	Backend workflows	⚠️ Temporary only	Can reduce backend usage (saves 10 connections)
Cloud SQL Instance Tier	N/A	✅ YES - This is the fix	Upgrade from `db-f1-micro` to `db-g1-small`

Recommended Action Plan

Immediate (Required): Upgrade Cloud SQL instance
```
./scripts/upgrade-cloudsql-instance.sh
```
Optional (Temporary): Reduce backend pool if upgrade is delayed
- Set DB_POOL_MAX=2 in GitHub Secrets → staging environment
- This is a temporary workaround, not a permanent solution
Don't bother with: METABASE_POOL_MAX secret - it doesn't do anything

⚠️ Critical: Secrets Cannot Fix This Issue​

Secrets in deploy-metabase.yml Workflow​

Secrets That Exist (But Don't Control Connection Pools)​

What Actually Controls Metabase Connections​

The Real Fix: Upgrade Cloud SQL Instance​

Temporary Mitigation (Backend Only)​

Summary​

Recommended Action Plan​