Currently in order to have control (being able to read full credentials including password) of 1 database via doctl you need to give the personal access token full access to the database section of you account which includes creating and removing databases.

Would be nice if there was a way to create a personal access token and exclude permissions that would impact billing (e.g. creating databases, creating droplets, etc.).