Databases & Secure connections

The goal is to protect our customers' personal data transmitted over the Internet and imported into the Exponea application by creating an SSL/TLS connection, an SSH tunnel, or both at once.


Keeping customer data secure is our priority

You must either create and use an SSH tunnel or set up encrypted communication with SSL/TLS.

Enable SSH tunnel or SSL/TLS connection

Open the port

Open port 443 on your firewall for an SSL/TLS connection, or port 22 for an SSH connection. For an SSH tunnel you can also use ports other than 22.

Select a database and a secure connection

Exponea supports some of the secure connections for all databases. See the list of databases and supported configurations in the table below.

Database Name


SSH tunnel

Static IPs

(MS Azure SQL)

not supported


not supported









Amazon RedShift




Create database integration

Every database integration has the same configuration form. For each database you need to fill in these attributes:

  • Hostname (Public IP or hostname of your database, e.g. 28.783.11.22 or
  • Port (e.g. 1433 - TCP destination port for this database)
  • Username (Name of a user who has allowed access to your local database, e.g. "exponea". MS Azure SQL username must be in format "[email protected]",
    e.g. "[email protected]")
  • Password (Password of a user who has allowed access to your local database)
  • Database name (Name of a database you want to access data from)

Configure secure connections

Exponea offers two options for protecting communication between the customer's server and the Exponea application. You can pick one of the options or have both active at once.

SSL/TLS encryption

Click on enable SSL/TLS connection

  • Import the SSL/TLS certification authority certificate (load SSL/TLS CA file)
  • Import the customer's SSL/TLS certificate (load SSL/TLS Cert file)
  • Import the private key of the customer's server (load SSL/TLS Key file)

The example of how to enable SSL/TLS with MySQL:

SSH tunnel

SSH tunnels have their own configuration window, available in Project settings -> SSH tunnels. Only users with Dev. tools permissions have access to the SSH tunnel configuration. See roles and permissions in Access management.

  • Hostname - hostname of SSH server with its port separated by the colon
  • Username - identification of user
  • Host key - the fingerprint of the customer's server public key, used for identification/verification of the customer's host. You can find the fingerprint in the known_hosts file on any device that has successfully connected to your server through SSH. You can read more about host keys here.


Importance of Host keys

Host keys serve an important role in securing your communication with the remote server: they check that it really is the server you think it is. Without them, you could be open to various attacks, such as DNS spoofing.


Steps to find the Host key:

If this is your first time connecting to your SSH server, you need to log in to your server. You can skip this step if you have already created a successful connection in the past:

  1. Connect to the SSH server: ssh user_name@server_ip_address, where user_name is the name of the user that you want to log in as and server_ip_address is the IP address of your server. Once you have made a successful connection, you can terminate it by typing: exit.

Alternatively, since the SSH connection might not work due to unsupported key encryption formats:

  • Connect to the SFTP server using an FTP client (e.g. FileZilla or CyberDuck); try both, or others, in order to find the host_key
  1. Navigate to the .ssh directory on your local machine: cd ~/.ssh
    Display the content of the known_hosts file. This file contains information about all SSH servers you have successfully connected to. Each line of the file contains details about the server in the following format: server_ip_address server_host_key. Copy the host key that belongs to your server IP address and paste it into the “Host key” field.

Alternatively, if known_hosts file doesn't have the Host Key:

  • Navigate to the '.putty' directory on your local machine 'cd ~/.putty'
    Display the content of the 'sshhostkeys' file and find the host key in the following format server_ip_address server_host_key. Copy the host key that belongs to your server IP address and paste it into the “Host Key” field.

If the host key doesn't work, contact the hosting admin/support for the key. Please note that OpenSSH is the protocol that manages SSH connections, so the OpenSSH version on your local machine must support the encryption protocol used on the server; otherwise the OpenSSH KeyGen will not show you the Host Key in the proper format.
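The known_hosts lookup described in the steps above, as an added example (not part of the original documentation or Exponea's code): it finds the entries recorded for a server, including hashed host names and "[host]:port" entries for non-default ports, and computes the SHA256 fingerprint of each key. The sample file content, host names and key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def host_matches(field, host):
    """Match the first known_hosts field against host ('name' or '[name]:port')."""
    if field.startswith("|1|"):  # hashed entry: |1|base64(salt)|base64(HMAC-SHA1)
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain entry; wildcard patterns not handled

def find_host_keys(known_hosts_text, host):
    """Return [(key_type, base64_key, sha256_fingerprint)] recorded for host."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip blanks, comments, @cert-authority / @revoked lines
        field, key_type, key_b64 = parts[:3]
        if host_matches(field, host):
            digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            found.append((key_type, key_b64, fp))
    return found

def sample_key(fill):
    """Constructed ssh-ed25519 blob with dummy key bytes (not a real server key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

def hashed_entry(host, salt):
    """Build the hashed host field that HashKnownHosts would store for host."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed known_hosts content: one plain entry, one hashed entry on port 2222.
SAMPLE = "\n".join([
    "# constructed sample",
    "203.0.113.10 ssh-ed25519 " + sample_key(1),
    hashed_entry("[db.example.com]:2222", b"0123456789abcdefghij") + " ssh-ed25519 " + sample_key(2),
])

if __name__ == "__main__":
    for h in ("203.0.113.10", "[db.example.com]:2222"):
        print(h, find_host_keys(SAMPLE, h))
```

If the lookup returns nothing for your server, the entry may be stored under a different name or port than the one you searched for; compare the result with the key obtained from the server's administrator before pasting it into the form.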

  • Authentication
  • SSH key (A new key pair can be generated. Then import a Public key to the SSH server)
  • Password (Enter the password to the SSH server)

Assign SSH to your database integration

All supported integrations have the option to enable SSH integration. When you Enable SSH integration, you need to choose an active SSH tunnel.

Updated 2 months ago
