{"id":168,"date":"2026-04-29T13:03:56","date_gmt":"2026-04-29T13:03:56","guid":{"rendered":"https:\/\/abrarqasim.com\/blog\/rust-sqlx-production-eight-months-of-lessons\/"},"modified":"2026-04-29T13:03:56","modified_gmt":"2026-04-29T13:03:56","slug":"rust-sqlx-production-eight-months-of-lessons","status":"publish","type":"post","link":"https:\/\/abrarqasim.com\/blog\/rust-sqlx-production-eight-months-of-lessons\/","title":{"rendered":"Rust sqlx in Production: 8 Months of Lessons"},"content":{"rendered":"

Confession: when I first added sqlx to a Rust service, I spent half a day fighting it. The compile-time SQL checks felt magical until I tried to run cargo check<\/code> with the database offline. Then the magic became a rake to the face.<\/p>\n

Eight months later that same service is in production, has handled a few million requests, and I haven’t ripped sqlx out. I’ve also figured out which features I actually use, which ones I avoided after the first burn, and which docs I wish someone had handed me on day one.<\/p>\n

This isn’t a tutorial. The official sqlx README<\/a> does that job fine. This is the post-deployment write-up. What bit me, what I now do without thinking, and the small handful of patterns that turned sqlx from “interesting library” into “boring infrastructure” in my codebase. If you’re picking a database layer for an Axum or Actix backend (I covered the framework choice in my Rust web frameworks roundup<\/a>), read on.<\/p>\n

The compile-time check is great. Until it isn’t.<\/h2>\n

The selling point of sqlx is sqlx::query!()<\/code>, a macro that connects to a real database at compile time, runs an EXPLAIN, and gives you a struct typed to your actual schema. This is wonderful when it works.<\/p>\n

Here’s what bit me: it requires DATABASE_URL<\/code> to be set and the database to be reachable when you run cargo check<\/code>. Fine on my laptop. Not fine in CI, not fine on a colleague’s machine, and not fine when you want to ship a Docker image build that doesn’t depend on a live Postgres.<\/p>\n

The fix is offline mode. Run cargo sqlx prepare<\/code> once with the database connected, commit the resulting .sqlx\/<\/code> directory, and your builds work without a database. I now treat this as part of the workflow, not an afterthought:<\/p>\n

# After any change to a query!() macro\ncargo sqlx prepare\ngit add .sqlx\ngit commit -m "Update sqlx query metadata"\n<\/code><\/pre>\n
In CI, I run cargo sqlx prepare --check<\/code> to fail the build if the cached metadata is stale. That single line has saved me three “works on my machine” incidents.<\/p>\n
sqlx::query! vs sqlx::query: I use both<\/h2>\n
I see new projects pick one and stick with it. After a while, you want both.<\/p>\n
Use query!()<\/code> and query_as!()<\/code> for everything where the SQL is fixed and the result shape is known. You get compile-time SQL validation and a typed struct back. No .try_get(\"column\")<\/code> calls, no string typos at runtime.<\/p>\n
let user = sqlx::query_as!(\n    User,\n    "SELECT id, email, created_at FROM users WHERE id = $1",\n    user_id\n)\n.fetch_one(&pool)\n.await?;\n<\/code><\/pre>\n
Use plain query()<\/code> and query_as()<\/code> (no exclamation mark) when you build SQL dynamically. Search filters, optional conditions, anything where the WHERE clause depends on runtime input. The macros can’t know your SQL ahead of time if you stitch it together at runtime.<\/p>\n
let mut sql = String::from("SELECT * FROM events WHERE 1=1");\nif after_id.is_some() {\n    sql.push_str(" AND id > $1");\n}\n\nlet rows = sqlx::query_as::<_, Event>(&sql)\n    .bind(after_id)\n    .fetch_all(&pool)\n    .await?;\n<\/code><\/pre>\n
The mistake I see most often is people reaching for the QueryBuilder<\/code> for everything. It’s there for a reason, but for static queries the macros win on safety. The docs.rs page for sqlx<\/a> lays out the trait bounds explicitly if you want to dig into why the type inference works the way it does.<\/p>\n
Connection pool: stop copying the default<\/h2>\n
Every sqlx tutorial I’ve read uses PgPoolOptions::new().connect(url).await?<\/code>. That gives you a pool with max_connections = 10<\/code> and an acquire_timeout<\/code> of 30 seconds. Both are wrong for most production services.<\/p>\n
Postgres has a hard cap on max_connections<\/code> (default 100). If your service has 4 instances each opening 10 connections, you’ve used 40% of the cap before any other service touches the database. I’ve seen “we ran out of Postgres connections” outages caused by exactly this.<\/p>\n
What I actually configure now:<\/p>\n
let pool = PgPoolOptions::new()\n    .max_connections(20)\n    .min_connections(5)\n    .acquire_timeout(Duration::from_secs(3))\n    .idle_timeout(Duration::from_secs(60 * 10))\n    .max_lifetime(Duration::from_secs(60 * 30))\n    .connect(&database_url)\n    .await?;\n<\/code><\/pre>\n
Three things changed. acquire_timeout<\/code> is short: if I can’t get a connection in 3 seconds, something is wrong and I’d rather fail the request than queue. idle_timeout<\/code> and max_lifetime<\/code> are both set so connections recycle, because Postgres connections that live forever pin memory and can outlive load balancer changes. min_connections<\/code> keeps a few warm so the first request after idle isn’t slow.<\/p>\n
These numbers aren’t universal. They’re the starting point I tune from.<\/p>\n
Transactions and the “but the trait” problem<\/h2>\n
This is the sqlx footgun that gets every Rust beginner. You write a helper function that takes a &PgPool<\/code>, then you wrap a few helpers in a transaction and the borrow checker explodes.<\/p>\n
\/\/ Doesn't work the way you'd hope:\nasync fn create_user(pool: &PgPool, email: &str) -> Result<User> {\n    sqlx::query_as!(User, "INSERT INTO users (email) VALUES ($1) RETURNING *", email)\n        .fetch_one(pool)\n        .await\n}\n\n\/\/ You can't pass the transaction here without changing the signature.\nlet mut tx = pool.begin().await?;\nlet user = create_user(&tx, "test@example.com").await?; \/\/ ERROR\ntx.commit().await?;\n<\/code><\/pre>\n
The fix is to make your helpers generic over Executor<\/code>:<\/p>\n
async fn create_user<'e, E>(executor: E, email: &str) -> Result<User>\nwhere\n    E: sqlx::Executor<'e, Database = sqlx::Postgres>,\n{\n    sqlx::query_as!(User, "INSERT INTO users (email) VALUES ($1) RETURNING *", email)\n        .fetch_one(executor)\n        .await\n}\n<\/code><\/pre>\n
Now both &pool<\/code> and &mut tx<\/code> work. I write almost every database helper this way. The signature looks ugly the first time but you stop noticing after a week, and you never have to choose between transaction-aware and pool-aware versions of the same function. If the lifetime annotation feels mysterious, my older borrow checker writeup<\/a> covers why 'e<\/code> shows up here.<\/p>\n
Migrations: yes, just use sqlx-cli<\/h2>\n
I tried Refinery first because it had a nicer Rust-side API. I switched back to sqlx-cli<\/code> after a month because the integration with the macros is too useful to give up. sqlx prepare<\/code> and sqlx migrate run<\/code> share state, and the migrations directory layout is what query!()<\/code> introspects against.<\/p>\n
# Once\ncargo install sqlx-cli --no-default-features --features postgres\n\n# New migration\nsqlx migrate add -r create_users_table\n\n# Run it\nsqlx migrate run\n\n# In your binary\nsqlx::migrate!().run(&pool).await?;\n<\/code><\/pre>\n
sqlx::migrate!()<\/code> reads the migrations\/<\/code> folder at compile time and embeds the SQL into your binary. No filesystem dependency at runtime. This matters when you ship a Docker image, because the container does not need the migrations directory.<\/p>\n
One thing to know: sqlx migrate add -r<\/code> creates a paired .up.sql<\/code> and .down.sql<\/code>. The -r<\/code> is for “reversible”. I’ve never actually run a down migration in production (I roll forward), but the discipline of writing one forces you to think about whether the change is safe to undo. Worth the 30 seconds.<\/p>\n
What I’d do differently<\/h2>\n
If I were starting today, three changes from my original setup.<\/p>\n
First, enable offline mode on day one. Don’t wait until the first CI failure to learn cargo sqlx prepare<\/code>. The friction of “did I forget to commit .sqlx\/<\/code>?” is low once it’s a habit.<\/p>\n
Second, write the helper functions generic over Executor<\/code> from the first commit. Refactoring a few hundred lines of database code to add the generics later is annoying. Doing it from the start costs you an extra type parameter you stop seeing within a week.<\/p>\n
Third, set the pool config explicitly, even for a hobby project. The defaults look reasonable and they’re not. Spending five minutes on max_connections<\/code> and acquire_timeout<\/code> upfront prevents a class of incident that’s painful to debug under load.<\/p>\n
If you’re starting a new Rust service this week, do these three things in order: enable SQLX_OFFLINE<\/code> in your build with cargo sqlx prepare<\/code>, set max_connections<\/code> in the pool builder, and add cargo sqlx prepare --check<\/code> to CI. That’s it. Everything else (query macros, transactions, migrations) you can pick up as you need them.<\/p>\n
I write up more of this kind of “what actually shipped” Rust work over on my project page<\/a>. The Rust async book<\/a> is still the right place to start if any of the await stuff in this post felt fast. It’s the one official Rust resource I keep open in a tab.<\/p>\n","protected":false},"excerpt":{"rendered":"
I shipped sqlx in a Rust production service for 8 months. Here’s the patterns I keep, the footguns that bit me, and what I’d do differently from day one.<\/p>\n","protected":false},"author":2,"featured_media":167,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"","rank_math_description":"I shipped sqlx in a Rust production service for 8 months. Here's the patterns I keep, the footguns that bit me, and what I'd do differently from day one.","rank_math_focus_keyword":"sqlx rust","rank_math_canonical_url":"","rank_math_robots":"","footnotes":""},"categories":[147,142],"tags":[179,49,178,177,64,176],"class_list":["post-168","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backend","category-rust","tag-async","tag-backend","tag-database","tag-postgres","tag-rust","tag-sqlx"],"_links":{"self":[{"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/posts\/168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":0,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/media\/167"}],"wp:attachment":[{"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/abrarqasim.com\/blog\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}