Track a repository
The first step in adding Cyral to a data repository is to create an entry for it in Cyral's inventory.
In the Cyral management console, navigate to the Data Repositories tab and click the plus button.
In the pop-up dialog, specify the following:
- type is the sort of repository you're connecting, such as PostgreSQL or Snowflake
- hostname is the address or hostname where the actual repository
is deployed. This is the address at which Cyral connects to the
repository, and we refer to it as the data repository endpoint.
Later, when you bind this repository to its
sidecar, you will establish a separate user-facing address,
the sidecar load balancer address. Data users connect to the repository
through the sidecar load balancer address.
Notes:
- Snowflake: There are two common formats for the Snowflake
repository hostname:
[account_number].snowflakecomputing.com
and[account_number].[region].snowflakecomputing.com
, whereregion
is the AWS region where your Snowflake instance runs.
- Snowflake: There are two common formats for the Snowflake
repository hostname:
- port is the port number at which Cyral connects to the repository. This is not necessarily the port number that data users will specify when they connect to the repository. You'll set the user-facing port later, when you bind this repository to its sidecar.
- name is a name you choose to represent this repository in Cyral. Data users can find the repository using this name. Your administrators will use this name in policies, and it will appear in logs and other controls.
- For MongoDB repos only, the Replica Sets panel gives you the choice
of protecting single MongoDB node or a MongoDB cluster:
- To protect a single MongoDB node, leave the checkbox unchecked.
- To protect a MongoDB cluster, check the This repository is a replica set checkbox and see Track a MongoDB cluster or node.
Click Track.
In the example shown here, we're adding
a MySQL database and naming it patients-prod
.
Next steps
- If a sidecar is deployed and available (one sidecar can protect many repositories) you can bind this repository to its sidecar now.
- If you don't already have a sidecar deployed that can serve this repository, add it now as shown in Install a sidecar