> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

Learn how to connect Bytebase to your database instances and configure basic connection settings.

## Quick Start

<Columns cols={3}>
  <Card title="AWS Databases" href="/get-started/connect/aws" icon="aws">
    RDS, Aurora with IAM auth
  </Card>

  <Card title="GCP Databases" href="/get-started/connect/gcp" icon="google">
    Cloud SQL, Spanner with service accounts
  </Card>

  <Card title="Azure Databases" href="/get-started/connect/azure" icon="microsoft">
    Azure SQL with managed identity
  </Card>
</Columns>

## Basic Connection

Before configuring connection parameters, ensure network connectivity:

**Network Requirements:**

* Verify network routing between Bytebase and your database instance (e.g., VPN, private networks)
* Configure firewall rules to allow Bytebase to connect to your database port
* For cloud databases, add Bytebase to security groups or IP allowlists
* Bytebase Cloud users: [Whitelist required IPs](/get-started/cloud#prerequisites)

**Connection Parameters:**

1. **Host**: Database server address
   * Docker (standard): Use `host.docker.internal` for localhost databases
   * Docker (--network host): Use `127.0.0.1` for localhost databases

2. **Port**: Database port number (e.g., 5432 for PostgreSQL, 3306 for MySQL)

3. **Username & Password**: Database credentials with appropriate permissions

Additional parameters vary by database type - see the database-specific guides below.

## Advanced Connection Options

### Read-Only Connections

Configure separate read-only connections for enhanced security and performance. Read-only connections are used for:

* SQL Editor queries with [data source restrictions](/sql-editor/settings/data-source-restriction)
* [Export Center operations](/security/database-permission/export#request-from-export-center)

**Setup:**

1. Create a read-only database user or configure a read-replica
2. In Bytebase, click **+** next to **Connection Info**
3. Enter the read-only connection details
4. Save the configuration

### SSH Tunnel

Use SSH tunneling to connect through a bastion host when your database is behind a firewall or in a private network.

**Setup:**

1. Enter your database connection details
2. Enable **SSH Connection** and select **Tunnel + Private Key**
3. Configure SSH settings:
   * **SSH Host**: Bastion host address
   * **SSH Port**: SSH port (typically 22)
   * **SSH User**: Username for SSH authentication
   * **Private Key** or **Password**: SSH credentials
4. Test and save the connection

### Connection Parameters

Customize connection behavior with database-specific parameters:

| Parameter         | Description            | Example   | Databases         |
| ----------------- | ---------------------- | --------- | ----------------- |
| `sslmode`         | SSL connection mode    | `require` | PostgreSQL        |
| `connect_timeout` | Connection timeout     | `10`      | PostgreSQL, MySQL |
| `readTimeout`     | Read operation timeout | `30s`     | MySQL, SQL Server |

**Database Documentation:**

* [PostgreSQL Parameters](https://www.postgresql.org/docs/current/libpq-connect.html)
* [MySQL Parameters](https://github.com/go-sql-driver/mysql#parameters)
* [SQL Server Parameters](https://pkg.go.dev/github.com/microsoft/go-mssqldb#section-readme)

### Secret Manager Integration

Never store database passwords in Bytebase. Use your existing secret manager for automatic rotation, compliance, and centralized control.

**Key benefits:**

* Meet SOC2/HIPAA compliance requirements
* Automatic password rotation without downtime
* Complete audit trail of credential access
* Centralized management across all systems

**Supported integrations:**

* **[AWS Secrets Manager](/get-started/connect/aws#aws-secrets-manager)** - For AWS deployments
* **[GCP Secret Manager](/get-started/connect/gcp#gcp-secret-manager)** - For GCP deployments
* **HashiCorp Vault** - Enterprise secret management

#### HashiCorp Vault

**Vault Setup:**

1. Create secret in Vault KV v2:

* Engine: `secret`
* Path: `bytebase`
* Key: `DB_PASSWORD`

<Note>
  Requires Vault KV v2 engine with `read` and `list` permissions on both `/data/` and `/metadata/` paths
</Note>

**Configuration in Bytebase:**

1. Enter Vault URL
2. Choose authentication: Token or AppRole
3. Specify secret location

## Instance Management

Configure instance-level settings to optimize how Bytebase interacts with your databases.

### Sync Interval

<Tip>
  Manually trigger schema metadata sync at any time:

  * **Database level**: Sync an individual database's schema metadata
  * **Instance level**: Sync all databases and detect newly added or removed databases
</Tip>

Bytebase automatically syncs schema metadata when changes are made through Bytebase. For external changes, set an automatic sync interval to keep metadata current for SQL review and data masking. We recommend 24 hours for most use cases—shorter intervals can overload your database server and Bytebase service.

### Maximum Connections

Control the number of concurrent connections Bytebase can establish to your database. Finding the right balance is important:

* **Too high**: May overwhelm your database server
* **Too low**: May cause task queuing and execution delays

Consider these factors when setting the limit:

* Team size and concurrent SQL Editor usage
* Available database connection capacity
* Parallel operations (migrations, backups, syncs)

### Deleting Instances

#### Archive Instance

To temporarily remove an instance from active use while preserving its configuration:

1. Navigate to the instance page
2. Click **Archive** to move the instance to archived status
3. Archived instances remain accessible from **Settings > Archived**

<Warning>
  Before archiving an instance, ensure all its databases are unassigned from projects. Databases actively assigned to projects cannot be archived.
</Warning>

#### Hard Delete Instance

To permanently remove an instance and all its associated metadata from Bytebase:

1. **Archive the instance first**:
   * Go to the instance page
   * Click **Archive this instance** (requires all databases to be unassigned from projects) on the bottom of the page

2. **Permanently delete the archived instance**:
   * Navigate to **Settings > Archived**
   * Select the archived instance
   * Click **Hard-Delete** to permanently remove the instance

<Caution>
  Hard deletion is irreversible. All instance configuration, connection settings, and metadata stored in Bytebase will be permanently removed. This does not affect the actual database itself, only Bytebase's records and configuration for that instance.
</Caution>