diff --git a/docs/administration/admin-operations.md b/docs/administration/admin-operations.md
index c6a946b7..8979d8aa 100644
--- a/docs/administration/admin-operations.md
+++ b/docs/administration/admin-operations.md
@@ -8,6 +8,7 @@ This is a brief guide for admins and moderators managing content on the registry
   - If you are a maintainer and would like an account, ask in the Discord
 - `gcloud` CLI installed and configured
 - `curl` and `jq` installed
+- `kubectl` installed with `gke-gcloud-auth-plugin` (for database access)
 
 ## Authentication
 
@@ -16,6 +17,43 @@ This is a brief guide for admins and moderators managing content on the registry
 ./tools/admin/auth.sh
 ```
 
+## Connecting to the Production Database
+
+For debugging or data analysis, you can connect directly to the production PostgreSQL database. Use caution and prefer read-only access.
+
+### Prerequisites
+
+Install the GKE auth plugin if you haven't already:
+
+```bash
+gcloud components install gke-gcloud-auth-plugin
+```
+
+### Connect
+
+```bash
+# Get cluster credentials
+gcloud container clusters get-credentials mcp-registry-prod --zone us-central1-b --project mcp-registry-prod
+
+# Get the database password
+kubectl get secret registry-pg-app -o jsonpath='{.data.password}' | base64 -d
+
+# Port-forward and connect (enter the password from above)
+kubectl port-forward svc/registry-pg-rw 15432:5432 &
+sleep 2
+psql -h localhost -p 15432 -U app -d app
+```
+
+### Read-Only Access
+
+To prevent accidental writes, set your session to read-only after connecting:
+
+```sql
+SET default_transaction_read_only = on;
+```
+
+Any write attempts will fail with an error until you disconnect.
+
 ## Edit a Specific Server Version
 
 Use this when you need to modify details of a specific version (e.g., fix description, update status, modify packages).