Access to a MySQL server
🛡️ Intro
In this example, we'll secure access to a MySQL Database server using Border0.
For more info about Border0 and Databases, also see this video demo and blog.
We'll walk through the following steps together.
- Launch a MySQL server (Docker)
- Create a database socket and link it to our connector
- Connecting to Your MySQL Database
- Review Session Details and Recordings
- Troubleshooting
1 - Run a local MySQL server with Docker
You can make any MySQL database server available with Border0; for testing purposes, we'll use a MySQL Docker container as the server.
It works through NAT and Firewalls
Don't worry if your laptop is behind NAT. Border0 works perfectly fine with resources that are behind NAT.
docker run --name some-mysql --rm -e MYSQL_ROOT_PASSWORD=my-secret-pw -d -p 3306:3306 mysql
This will start a local MySQL server listening on port 3306, with my-secret-pw as the root password.
Before we continue, let's make sure it came up OK by connecting to the database locally as user root with password my-secret-pw:
mysql -u root -pmy-secret-pw -h localhost --protocol TCP
Once connected, you can do a query like the one below. If this works, you're all good to continue. Your local MySQL instance is working.
$ mysql -u root -pmy-secret-pw -h localhost --protocol TCP
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 8.0.30 MySQL Community Server - GPL
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SHOW VARIABLES LIKE 'version';
+---------------+--------+
| Variable_name | Value |
+---------------+--------+
| version | 8.0.30 |
+---------------+--------+
1 row in set (0.00 sec)
mysql>
2 - Create a database socket and link it to your connector.
Now that we have a working database for our example, it's time to create a database socket and link it to our connector.
- In the Sockets page, click on new Database socket
- Set a name and optionally a description
Upstream Configuration
Here we configure how your connector connects and authenticates to the upstream database server.
- Select standard for Service type
- For authentication select username and password.
- Protocol: MySQL since we're working with a MySQL server
- For hostname and port we'll use localhost and port 3306. Adjust as needed for your environment.
- Credentials: in our example we used root and my-secret-pw. Adjust as needed for your environment.
- Connector: Select your connector from the list
That's it. Now click the create new socket button, and you should have access to your MySQL database.

Now connect your newly created socket to the Border0 Platform, for example by clicking on the blue connect button, which will redirect you to our web-based database client.
Securing your credentials
In the preceding example, we configured Border0 with credentials to access an upstream database. These credentials are essential for the connector running in your environment to establish a secure connection. While Border0 stores these credentials in encrypted form, we strongly recommend that you keep them local to the connector.
You can integrate the Border0 connector with your secret management solution for enhanced security and keep your secrets local. Learn more about this in our guide: https://docs.border0.com/docs/using-secret-managers-to-store-credentials
By default, our proxy will try to establish a secure database connection using TLS. If the database server does not support TLS, it will fall back to a non-TLS connection.
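One way to act on the two points above, as an added example that is not part of the Border0 documentation: give the connector its own limited account instead of root, and make MySQL refuse plaintext TCP connections so a non-TLS fallback is rejected by the server. The account name border0_connector, the schema appdb and the password are placeholders chosen for this example; run the statements as an administrative user on MySQL 8.0.

```sql
-- Added example, not Border0's own code. Assumed names: account
-- 'border0_connector', schema 'appdb', and the placeholder password.

-- 1. Check that the server offers TLS. For your own session, an empty
--    Ssl_cipher value means the current connection is NOT encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW GLOBAL VARIABLES LIKE 'tls_version';

-- 2. Reject unencrypted TCP connections server-wide. With this set, a client
--    or proxy that falls back to a non-TLS connection is refused by MySQL
--    instead of silently connecting in plaintext. SET PERSIST keeps the
--    setting across server restarts.
SET PERSIST require_secure_transport = ON;

-- 3. Create a dedicated account for the connector rather than handing it
--    root. REQUIRE SSL enforces TLS for this account even if the global
--    setting above is later switched off. Narrow the host part ('%') to the
--    address the connector connects from where your network allows it.
CREATE USER 'border0_connector'@'%'
  IDENTIFIED BY 'CHANGE-ME-placeholder'
  REQUIRE SSL;

-- 4. Grant only what users of the socket need, scoped to one schema.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON appdb.* TO 'border0_connector'@'%';

-- 5. Verify the result: ssl_type should read ANY for an account created
--    with REQUIRE SSL, and the grants should list appdb only.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'border0_connector';
SHOW GRANTS FOR 'border0_connector'@'%';
SHOW GLOBAL VARIABLES LIKE 'require_secure_transport';
```

Use the new account's username and password in the socket's upstream credentials in place of root.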
Troubleshooting
Should you see any issues with your new socket, it's typically because it can't connect to the upstream database. To troubleshoot that, take a look at the connector logs as described here
3 - Connecting to Your MySQL Database
You can connect to your MySQL database using three convenient methods: the Border0 desktop app, our agentless client portal, or the command-line interface (CLI).
For the fastest and most seamless experience, use our desktop app. It simplifies the process of discovering and connecting to your MySQL databases with your preferred database client.

Using the Command-Line Interface (CLI)
For advanced users or those who prefer the CLI, you can use the border0 CLI tool:
- List available databases: use the border0 client db command to list all databases you have access to
- Select your MySQL database
- Select your preferred client: the CLI will display a list of supported SQL clients, including:
- mysql
- mycli
- mysql workbench
- dbeaver
- datagrip
- TablePlus
border0 client db

If your favorite client is not listed, you can always connect with your client of choice: simply use the socket name as the server name.
4 - Review Session Details and Recordings
To review your MySQL database session, open the Border0 portal and select the corresponding database socket. Go to the "Sessions" tab and find your session. Clicking on the session will display a recording of the activity. This recording details the SSO identity used (who connected), the originating IP address, device, connection time, and a complete log of all executed SQL queries.

Troubleshooting
Should you see any issues with your new socket, it's typically because it can't connect to the upstream database. To troubleshoot that, take a look at the connector logs as described here
If that doesn't help resolve the issue, feel free to contact us, and we'd be happy to help you troubleshoot.