MySQL

Supported Capabilities

Data Quality Support

Lineage Support

Connection Requirements

Connecting to decube is as easy as providing us with credentials to your MySQL database. At a minimum, we require

• username

• password

• host address

• host port

• database name

The source name will be for you to differentiate and recognize particular sources within the decube application.

We strongly encourage you to create a decube read-only user for this credential purpose, which you can follow here.

Security Concerns

If access to your database is protected by security measures, we allow for connecting via SSH Tunneling or you could whitelist our IP. See more here.

Configuring a Custom MySQL User

Creating a dedicated database user for Decube is the recommended approach. This follows the principle of least privilege, ensuring Decube has only the specific permissions it needs to monitor your data without risking broader database security.

1. Create the Decube User

Run the following command to initialize the user. Replace <host> with Decube's IP (or % for any host) and set a strong password.

2. Assign Necessary Permissions

Decube requires specific privileges to read metadata and monitor table health.

Data Access (SELECT)

You must grant SELECT access to the tables you wish to observe. Use a wildcard (*) for the entire database or specify individual tables.

• For the entire database:

• For specific tables only:

View Metadata Access (SHOW VIEW)

To monitor and process MySQL Views, Decube requires the SHOW VIEW privilege at the database level. Without this, Decube cannot ingest view definitions.

Use your own SSL CA Cert

If your database enforces SSL connection, you can provide your own CA Cert file by choosing Use Customer CA Certand uploading a CA Cert.

This works for AWS RDS Aurora MySQL instances as well. To see where to retrieve your Aurora certificates, please use this guide from AWS