Skip to main content
Connect Supaboard to a MySQL database for direct querying, schema discovery, and AI-powered analysis.

Before you connect

Network access — Supaboard connects from a fixed set of egress IPs. Add them to your database firewall allow-list before attempting a connection. The current IP list is shown inside the connector form under Whitelist IPs. Database user permissions — The user you provide needs at minimum:
  • SELECT on the target database
  • SHOW DATABASES to enable database auto-discovery
See Recommended database user permissions for the exact SQL.

Connection fields

FieldDefaultRequiredDescription
Display NameYesLabel shown in the Supaboard UI
HostYesHostname or IP of your MySQL server
Port3306YesMySQL port
DatabasemysqlNoDatabase name; Supaboard auto-discovers if left blank
UsernameYesDatabase user
PasswordYesPassword for the database user
Additional JDBC ParametersNoExtra key=value pairs appended to the JDBC URL
Boolean columns — MySQL’s TINYINT(1) type is interpreted as a boolean by many JDBC drivers. If your queries return true/false instead of 0/1 unexpectedly, add tinyInt1isBit=false to Additional JDBC Parameters.

SSH Tunnel fields

Shown when the SSH Tunnel toggle is enabled.
FieldDefaultRequiredDescription
SSH HostYesHostname or IP of the SSH bastion server
SSH Port22YesSSH port on the bastion server
SSH UsernameYesSSH login username
SSH Connection TypePrivate KeyYesPrivate Key or Password
SSH Private KeyIf Private KeyPEM-encoded private key
SSH PassphraseNoPassphrase for an encrypted private key
SSH PasswordIf PasswordPassword for SSH password authentication

Finding your connection details

Amazon RDS for MySQL

  1. Open the RDS Console and select your DB instance.
  2. Under Connectivity & security, copy the Endpoint — this is your Host.
  3. The default Port is 3306.
  4. Ensure the instance’s security group allows inbound TCP on port 3306 from Supaboard’s egress IPs, or route through an SSH tunnel.
Documentation: Connecting to a MySQL DB instance · RDS for MySQL overview

Amazon Aurora (MySQL-compatible)

  1. In the RDS Console, open your Aurora cluster.
  2. Use the Writer endpoint as your Host for read/write access; use a Reader endpoint for read-only.
  3. Default port is 3306.
  4. Add Supaboard IPs to the cluster’s VPC security group.
Documentation: Connecting to an Aurora MySQL cluster · Aurora MySQL overview

Google Cloud SQL for MySQL

  1. Open the Cloud SQL Console and select your instance.
  2. Under Connect to this instance, copy the Public IP address as your Host.
  3. Under Connections → Authorized networks, add each Supaboard egress IP.
  4. Alternatively, use the Cloud SQL Auth Proxy via an SSH tunnel.
Documentation: Cloud SQL for MySQL overview · Connecting overview · Authorizing with IP addresses

Azure Database for MySQL

  1. Open your server in the Azure Portal.
  2. On the Overview page, copy Server name — this is your Host (format: server.mysql.database.azure.com).
  3. Under Settings → Connection security, add a firewall rule for each Supaboard egress IP.
  4. SSL enforcement is enabled by default on Azure — enable the SSL toggle in Supaboard.
Documentation: Azure Database for MySQL documentation · Firewall rules

SSL

Enable the SSL toggle when your database requires encrypted connections (recommended for all cloud-hosted instances).
  • SSL Certificate — paste the server’s CA certificate in PEM format if your database uses a self-signed or private CA certificate. Leave blank for certificates signed by a public CA.

SSH Tunnel

An SSH tunnel routes the database connection through a bastion host, keeping your database off the public internet entirely. When to use it:
  • Your database has no public IP
  • You want to avoid adding Supaboard IPs to your database firewall
  • Your security policy requires all external connections to go through a jump server
Checklist:
  • The bastion server can reach the database host on port 3306
  • Supaboard’s egress IPs are allowed on the bastion server’s SSH port (default 22)
  • The SSH user has permission to forward connections (no no-port-forwarding in authorized_keys)
  • If using a private key, it is in PEM format (OpenSSH format may need conversion with ssh-keygen -p -m PEM)

Recommended database user permissions

-- Create a dedicated read-only user (accessible from any host)
CREATE USER 'supaboard'@'%' IDENTIFIED BY 'strong_password_here';

-- Grant SELECT on the target database
GRANT SELECT ON your_database.* TO 'supaboard'@'%';

-- Allow database discovery
GRANT SHOW DATABASES ON *.* TO 'supaboard'@'%';

FLUSH PRIVILEGES;
Replace your_database with the name of your database. To expose multiple databases, repeat the GRANT SELECT line for each one.

Troubleshooting

ErrorLikely causeFix
Access denied for userWrong username or passwordVerify credentials; confirm the user exists with SELECT user FROM mysql.user
Can't connect to MySQL serverWrong host/port or firewall blockingCheck host/port; add Supaboard IPs to firewall allow-list
Unknown databaseDatabase name doesn’t existVerify the database name with SHOW DATABASES
SSL connection requiredServer requires SSL but toggle is offEnable the SSL toggle
Host is not allowed to connectMySQL’s bind-address or user host restrictionEnsure the user is created with '%' host, not 'localhost'
tinyInt1isBit confusionTINYINT(1) returned as booleanAdd tinyInt1isBit=false to Additional JDBC Parameters
Last modified on March 11, 2026