Using Cyral
How to
API Reference

See how Security as Code can help your organization.

Get a Demo


This quickstart guide shows how to set up a Cyral sidecar to start monitoring data activity in your repository. Later, you can configure SSO authentication, ephemeral access, and access control for your users and services interacting with the data repository.

Track your data repository

The first step in adding Cyral to a data repository is to create an entry for it in Cyral's Inventory.

In the Cyral management console, navigate to the Inventory tab and click Track New Repository.

In the pop-up dialog, enter the repository type, name, hostname, and port number and click Create. Here, we're adding a MySQL database and naming it patients-prod.

Add a sidecar

Next, you'll deploy the Cyral sidecar which intercepts traffic to and from the data repository.

In the Sidecar tab, select Create New Sidecar and follow the instructions for your cloud platform and deployment framework.

Once your sidecar has been deployed, it appears in the Sidecars tab. Here, we've created a sidecar named sidecar01.

Assign your data repository to the sidecar

Next, you must associate the tracked repository with its sidecar. In this example, we add the repository patients-prod to the sidecar sidecar01.

In the Sidecar tab, select the sidecar to which you'd like to assign the repository and click the corresponding arrow to reveal additional configuration options for the sidecar. Then, select Assign a Repository.

In the pop-up dialog, select your repository and click Track.

You've configured your data repository to be monitored by a Cyral sidecar.

Connect to your data repository through the sidecar

To connect to the data repository through Cyral, use its sidecar endpoint address instead of the data repository's native address.

Note! In this test setup, database users still have the option to bypass Cyral and connect directly to the data repository as they always have. In a production deployment, you'll configure the data repository so that all users connect through Cyral.

Look up the sidecar endpoint in the Sidecar tab by expanding your sidecar's entry, finding your repository in the list, and noting its Sidecar Endpoint.

Connect to your repo through the sidecar using your usual query tool, but replacing the address and port with with the sidecar endpoint address and port you got from the UI. For {dbUser} and {dbPassword}, use your usual data repository credentials.

Below we also show examples for connecting to a repository with its sidecar at address sidecar01.hhiu.cyral.com listening for connections on port 3306, using the credentials bob/password and querying the database invoices. For MongoDB, we assume the auth database is called admin.

  • mySQL
  • PostgreSQL
  • MongoDB
mysql -h {sidecarAddress} -P {sidecarListeningPort} -u {dbUser} -p {dbPassword} -ssl-mode=REQUIRED
mysql -h sidecar01.hhiu.cyral.com -P 3306 -u bob -p password

Next steps

Now that you've configured Cyral to monitor accesses to a data repository, you can:

© Copyright 2020 Cyral Inc. All rights reserved.