CORE CONCEPTS4 min read
Direct Connections
Connecting cloud databases and APIs without an on-premise agent
Overview
Direct connections allow Conexor to connect to databases and APIs that are accessible from the internet, without requiring an on-premise agent. This is ideal for cloud-hosted databases like Azure SQL, AWS RDS, or Supabase.
INFODirect connections work best for cloud databases. For on-premise databases behind a firewall, use the agent mode.
Connection Modes Comparison
| Feature | Agent Mode | Direct Mode |
|---|---|---|
| Firewall traversal | Yes (outbound only) | No (needs public access) |
| Credentials stored | On-premise (encrypted) | In cloud (encrypted) |
| Setup complexity | Medium (install agent) | Low (just connection string) |
| Latency | Lower (local network) | Higher (internet) |
Supported Data Sources
- PostgreSQL - Any PostgreSQL 12+ with public access
- SQL Server - Azure SQL Database, AWS RDS for SQL Server
- REST APIs - Any public API with OpenAPI spec
Creating a Direct Connection
- Go to Dashboard → Data Sources
- Click "Add Data Source"
- Select "Direct" as connection mode
- Choose data source type (PostgreSQL, SQL Server, REST API)
- Enter connection details
- Test the connection
- Save - schema will be discovered automatically
Security Considerations
- Credentials are encrypted with AES-256 before storage
- Use IP allowlisting on your cloud database when possible
- Use read-only database users with minimal permissions
- Enable SSL/TLS on your database connection
- Consider using VPC peering for AWS/Azure databases
NOTENever use admin or superuser credentials for direct connections.
Example: Azure SQL Database
text
# Connection String Server=tcp:myserver.database.windows.net,1433; Database=mydb; User ID=conexor_user@myserver; Password=my_password; Encrypt=True; Connection Timeout=30; # Azure Firewall Rule Allow access from: Conexor IP ranges (contact support for current IPs) Or: Allow Azure services = On (less secure)