The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Database Access

Secure remote access to a MySQL, MSSQL, MongoDB, Oracle, or PostgreSQL database

You can enable secure remote access to a database on the dynamic secret that generates ephemeral credentials for the database. Users can then access the database from the Secure Remote Access Portal either over the web (using Adminer) or using the native database CLI.

👍

Tip

Use Akeyless connect command from Akeyless CLI (version 1.42.0 or higher) to access databases from any UNIX terminal.

Prerequisites

To enable secure remote access to a database you need:

In addition, for users to access the database using CLI, you need:

Set Up Remote Access to a Database from the Akeyless CLI

Let's set up remote access to a database using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

  1. Run the update-item command to set the following fields on the dynamic secret that specifies the database details and access credentials:
$ akeyless update-item --name <dynamic secret name> /
--secure-access-enable true /
--secure-access-db-name <database name> /
--secure-access-host <database host:port> /
--secure-access-db-schema <schema-name> /
--secure-access-bastion-issuer </Path/to/SSH/Cert/Issuer>

where:

  • secure-access-db-name: The name of the database as defined in the dynamic secret.
  • secure-access-host: The hostname (or IP address) and port for accessing the database as defined in the dynamic secret.
  • secure-access-db-schema: Optional, only supported for MSSQL and PostgreSQL database dynamic secrets.
  • secure-access-bastion-issuer: Optional, only required to enable CLI access to the database. The path to the SSH Certificate Issuer that should be used for certificate authentication.

Set Up Remote Access to a Database from the Akeyless Console

Let's set up remote access to a database from the Akeyless Console. If you'd prefer, see how to do this from Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Secrets & Keys.

  2. Select the dynamic secret that specifies the database details and access credentials.

  3. Expend the Secure Remote Access menu, select the pencil icon and enable the Secure Remote Access ,then fill the following fields:

  • Host(s) : The hostname (or IP address) and port for accessing the database as defined in the dynamic secret.

For Web Access define the following fields:

  • DB Name : The name of the database as defined in the dynamic secret.
  • Schema : Optional, only supported for MSSQL and PostgreSQL database dynamic secrets.

For CLI Access define the following field:

  • Bastion Issuer : The path to the SSH Certificate Issuer that should be used for certificate authentication.
  1. To the right of the Enable Secure Remote Access field, select the tick mark icon to save your changes.

Access a Database over the Web from the Secure Remote Access Portal

  1. Log in to the Secure Remote Access Portal and select the database type to which you want to connect.

  2. Select the database hostname or IP address, then select Web.
    Adminer opens in a new tab, from which you can interact with the database according to your permissions.

Access a Database Using CLI from the Secure Remote Access Portal

  1. Log in to the Secure Remote Access Portal and select the database type to which you want to connect.

  2. Select the database hostname or IP address, then select CLI.
    A new tab opens, showing that you are connected to the database.

Access a Database using Akeyless connect command

Akeyless Connect command enables application native CLI access:

akeyless connect -t <mysql-server>:3306 -v <via-professional-bastion>:<port> -n "Path to DB Dynamic Secret"

Updated about a month ago

Database Access


Secure remote access to a MySQL, MSSQL, MongoDB, Oracle, or PostgreSQL database

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.