Using Cyral
Manage sidecarsInstall a sidecarInstall a sidecar using TerraformInstall a sidecar using CloudFormationInstall a sidecar using Helm3Add a domain alias for the sidecarNext stepsAssign a repository to a sidecarUnassign a repositoryUninstall a sidecar
Account Administration
How to
API ReferenceRelease Notes

Try Cyral in your environment now. No credit card needed.

Try Cyral

Add a CNAME or A record for the sidecar

After you have deployed your sidecar and assigned at least one repository to it, Cyral recommends creating a CNAME record or A record that maps to your chosen sidecar domain. By doing this, you provide a stable alias address where users can always reach their repositories. Even if your underlying sidecar address changes (for example during an upgrade), the address can remain the same for users.

To use a repository through the Cyral sidecar, database users will connect at its sidecar domain address (in this example, db-access.example.com). To support this, your sidecar's domain should have a corresponding CNAME record or A record that maps it to the domain name or IP address of the sidecar’s load balancer.

To set this up:

  1. Make sure you've assigned at least one repository to your sidecar, as explained in Assign a repository to a sidecar.

  2. Find the sidecar load balancer address: In the Cyral management console, click Sidecars, and click the name of your sidecar. In the Data Repositories tab, you can find your sidecar's load balancer address displayed in the Endpoint Address column. Keep this tab open. In this example, we'll assume the sidecar load balancer address is cyral-jkhcst-lb-e9febb0b738722.elb.us-east-2.amazonaws.com

  3. Choose user-facing a name for your sidecar domain. We'll refer to this as your sidecar domain name. This is the base URL where your repository users will connect to all repositories protected by the sidecar. In this example, we'll assume the sidecar domain name address is db-access.example.com

  4. In your DNS routing service, such as Amazon Route 53 or Microsoft Azure DNS, create an entry that maps your sidecar domain name to the sidecar load balancer address:

    • If your sidecar load balancer has a name, like the cyral-jkhcst-lb-e9febb0b738722.elb.us-east-2.amazonaws.com name we're using in this example, create a CNAME record and point to that.
    • If the address you retrieved for your sidecar load balancer is an IP address, then create a regular A record to point to the address.
  5. In Cyral, edit the sidecar to use the new alias: In the Cyral management console, click Sidecars, and click the name of your sidecar. Click the edit icon, and in the Edit Sidecar window, activate the Endpoint Alias option and type the sidecar domain in the field that appears. For example, we might specify db-access.example.com. Click Save.

All repository users should connect to the repository using the sidecar name you've created. When users search for a repository in the Cyral Console, (to do this, they click Connect and then copy the Connection URI) the console will show them the repository’s connection URI, including the CNAME record or A record address you've created.

Next steps

© Copyright 2021 Cyral Inc. All rights reserved.