Documentation
Access Guide
Database Access
Secure access to PostgreSQL, MySQL, MongoDB, Redis, and 15+ databases. Protocol-aware proxy with query auditing and dynamic credentials.
Estimated time: 15 minutes
Key Features
Protocol-Aware Proxy
Deep integration with each database protocol
Dynamic Credentials
Short-lived credentials generated on-demand
Query Auditing
Log all queries for compliance and debugging
Fine-Grained RBAC
Control access by database, schema, and user
Setup Steps
1
Register a Database
Add your database to TigerAccess.
tacctl create -f - <<EOF
kind: db
metadata:
name: prod-postgres
labels:
env: production
team: platform
spec:
protocol: postgres
uri: postgres.internal:5432
admin_user:
name: tigeraccess-admin
EOF2
Configure Database Role
Define who can access which databases.
tacctl create -f - <<EOF
kind: role
metadata:
name: db-developer
spec:
allow:
db_labels:
env: [dev, staging]
db_names: ["*"]
db_users: [readonly, developer]
options:
max_session_ttl: 8h
EOF3
Enable Query Auditing
Log all database queries for compliance.
tacctl create -f - <<EOF
kind: role
metadata:
name: audited-db-access
spec:
options:
record_session:
default: strict
# Log all queries
audit_queries: true
audit_query_results: false # Don't log result data
EOF4
Connect to Database
Access databases through TigerAccess.
# Login
tac login --proxy=access.company.com
# List available databases
tac db ls
# Connect to a database
tac db connect prod-postgres
# Connect with specific user
tac db connect prod-postgres --db-user=readonly
# Use with native client
tac proxy db prod-postgres -p 5433 &
psql -h localhost -p 5433 -U readonlyDatabase Access Configured
With database access configured, you have:
- Secure access to all your databases
- Dynamic, short-lived credentials
- Complete query audit trail
- Works with native database clients