Components
A database proxy in JumpWire is comprised of several linked concepts: a database configuration, a labeled schema, and authentication parameters. Collectively they comprise a single database proxy.
Each proxy is configured for a specific database external to JumpWire. Different databases may have slightly different configuration parameters. The credentials provided for this configuration will be used for both setting up JumpWire (migrating data, creating column triggers, etc) and authenticating connections that are proxied through.
Details for connecting to a PostgreSQL database. All fields in the table below are required.
Connection field name | Description |
|---|---|
Hostname | The host of the PostgreSQL server. This hostname or IP address must be reachable by the engine Components |
Port | The port that the PostgreSQL server accepts connections on |
Database | The name of the PostgreSQL database to connect to |
Schema | The name of the schema containing tables to list and describe |
Username | The username to use when connecting to the database server |
Password | A valid password to use when connecting to the database server |
Enable SSL | A toggle indicating whether SSL should be required when connecting to PostgreSQL |
Details for connecting to a MySQL database. All fields in the table below are required.
Connection field name | Description |
|---|---|
Hostname | The host of the MySQL server. This hostname or IP address must be reachable by the engine Components |
Port | The port that the MySQL server accepts connections on |
Database | The name of the MySQL database/schema to connect to |
Username | The username to use when connecting to the database server |
Password | A valid password to use when connecting to the database server |
Enable SSL | A toggle indicating whether SSL should be required when connecting to MySQL |
There are several known limitations specific to the MySQL CLI when connecting to JumpWire. These limitations do not apply to other client libraries.
- The password prompt will truncate entered text to 79 characters. Since the generated tokens are longer than that, the token must be specified as --password=TOKEN and NOT through the interactive prompt.
- With some versions of the MySQL CLI, authentication will only succeed when using SSL. If you must connect to JumpWire without SSL we recommend using the MariaDB CLI as a drop-in replacement, or a programmatic client library instead.
Here is an example connecting to a locally running database:
As soon as the database configuration is saved, JumpWire will connect and list tables in the database. Each table is turned into a schema that can have individual fields labeled.
Labels set on the schema are mapped against Policies to determine whether to apply specific data handling rules. For fields without any labels, no changes are made to the data as it flows through JumpWire.
The example below shows a table named users from the configured PostgreSQL database. Two fields, last_name and ssn, have been assigned the label pii.
The connection string consists of an identifier for this particular database, a token for authentication which maps to a specific classification, and the host and port of the JumpWire proxy. This connection URI is the only change needed in your application configuration to start using JumpWire.
Multiple unique tokens can be generated for each database configuration. Each connection token can be assigned a different classification to indicate which kinds of unmodified data it can receive.
