diff --git a/terraform/main.tf b/terraform/main.tf
index 425f989..177d9e0 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -40,7 +40,7 @@ resource "digitalocean_database_cluster" "postgres" {
 tags = var.tags
 }
 
-# Database firewall - only allow App Platform
+# Database firewall - allow App Platform apps
 resource "digitalocean_database_firewall" "postgres_fw" {
 cluster_id = digitalocean_database_cluster.postgres.id
 
@@ -48,6 +48,14 @@ resource "digitalocean_database_firewall" "postgres_fw" {
 type = "app"
 value = digitalocean_app.mlb_stats.id
 }
+
+ dynamic "rule" {
+ for_each = var.additional_trusted_sources
+ content {
+ type = rule.value.type
+ value = rule.value.value
+ }
+ }
 }
 
 # App Platform Application
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 297fc7f..8098b85 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -99,6 +99,16 @@ variable "ga_measurement_id" {
 description = "Google Analytics 4 Measurement ID"
 }
 
+# Additional Trusted Sources (for shared database access)
+variable "additional_trusted_sources" {
+ description = "Additional sources that need access to the database. Each entry needs a type (app, droplet, k8s, ip_addr, tag) and value."
+ type = list(object({
+ type = string
+ value = string
+ }))
+ default = []
+}
+
 # Custom Domain
 variable "custom_domain" {
 description = "Custom domain for the application (e.g., stats.cartergrove.me)"
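Review bot: The reworded comment above `digitalocean_database_firewall.postgres_fw` in terraform/main.tf still describes the firewall as App Platform only, while the variable this commit wires in documents droplet, k8s, ip_addr and tag entries as well. Someone auditing database exposure from the comment alone would miss those sources. Suggested wording: `# Database firewall - App Platform app, plus any entries in var.additional_trusted_sources`. The resource body continues outside this hunk.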
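Review bot: The `dynamic "rule"` block in `postgres_fw` copies `rule.value.type` and `rule.value.value` into the firewall unchecked, so database reachability is now decided by whoever sets the variable (tfvars, CI variables) rather than only by resources declared in this configuration. An `ip_addr` entry in particular grants access by network address instead of by a DigitalOcean resource identity. I would put a comment on the block, for example `# Every entry widens network access to the Postgres cluster; prefer app/droplet/k8s/tag over ip_addr and review changes to this variable as firewall changes`. The resource block begins above the hunk.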
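Review bot: `variable "additional_trusted_sources"` in terraform/variables.tf lists the allowed types only in its description, so a typo or an unintended type is caught at apply time by the provider, if at all, rather than at plan time. A `validation` block that checks each entry's `type` against the documented set would fail early with a clear message. A further condition on `ip_addr` values could reject overly broad addresses, but what the provider accepts there should be confirmed first.

```hcl
variable "additional_trusted_sources" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for s in var.additional_trusted_sources :
      contains(["app", "droplet", "k8s", "ip_addr", "tag"], s.type)
    ])
    error_message = "Each additional_trusted_sources entry must have type app, droplet, k8s, ip_addr or tag."
  }
}
```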