SingleStore Helios Endpoints

An endpoint is a URL used to connect with SingleStore Helios workspaces. The SingleStore Helios endpoints are available on the Cloud Portal. Once logged in, select your workspace, and select the Connect button for additional connection information.

Then, access SingleStore Helios at the available endpoints with SQL clients and/or development tools.

Note

When using a third-party SQL client or development tool, you must first add a database user to log into a SingleStore Helios database.

Connect to SingleStore Helios via TLS/SSL

To establish an encrypted connection from a stand-alone SQL client, you need a TLS/SSL public certificate. This certificate ensures that clients without a valid certificate are not allowed to connect to your workspace. This CA certificate can also be used to verify the identity of each workspace host. Download the TLS/SSL certificate from the Cloud Portal. Install the certificate by following the instructions provided at How Do I Install a Certificate?

For example, using the MySQL command line (CLI) client, you can connect to the SingleStore Helios endpoints using the singlestore_bundle.pem certificate file. The .pem file enables support for encrypted connections. Include the --ssl-mode=VERIFY_CA option to verify the certificate.

Note: Include the --ssl-mode=REQUIRED option to establish a secure connection in older versions of the MySQL client, even when the --ssl-ca option is specified.

mysql -u admin -p -h <endpoint-host> -P 3306 --default-auth=mysql_native_password --ssl-ca=./singlestore_bundle.pem --ssl-mode=VERIFY_CA

Important

The singlestore_bundle.pem file, which SQL clients can use to connect to SingleStore Helios, will be updated as of October 20, 2023.

If your SQL client uses the singlestore_bundle.pem file and the --ssl-mode=VERIFY_CA flag to connect, and your SQL client can no longer connect to SingleStore Helios, please download and use the latest singlestore_bundle.pem file.

See the Connect to SingleStore Helios using TLS/SSL topic for more information.

Secure the SingleStore Helios Connection

Server Configuration to Require Secure Client Connections

To make the server accept connections from a user over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

CREATE USER 'user'@'%' IDENTIFIED BY 'password';
ALTER USER 'user'@'%' REQUIRE SSL;

For example, if REQUIRE SSL is specified for the user named user:

## This connection attempt is rejected with an "Access denied" error:
mysql -u user -h 1.2.3.4
## This one works:
mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore Helios even if SSL is enabled on the SingleStore Helios workspace. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration.
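To check the client side of this, the following added example (not SingleStore code) classifies a mysql command line by how strongly it authenticates the server. It assumes a MySQL client that supports --ssl-mode and defaults to PREFERRED; the function names and posture labels are made up for this example.

```shell
#!/bin/sh
# Added example, not SingleStore code. Assumes a MySQL 5.7+/8.x client, where
# the mode is PREFERRED when no --ssl-mode is given. Only --name=value options
# on the command line are parsed; option files such as ~/.my.cnf are not read.

# Print a one-word TLS posture for the mysql arguments passed in.
# The body runs in a subshell so its variables stay local.
mysql_tls_posture() (
  mode="" ca=""
  for arg in "$@"; do
    case "$arg" in --*=*) ;; *) continue ;; esac
    # MySQL treats '-' and '_' in option names as interchangeable.
    name=$(printf '%s' "${arg%%=*}" | tr '_' '-')
    case "$name" in
      --ssl-mode) mode=$(printf '%s' "${arg#*=}" | tr '[:lower:]' '[:upper:]') ;;
      --ssl-ca)   ca=${arg#*=} ;;
    esac
  done
  case "$mode" in
    VERIFY_CA|VERIFY_IDENTITY)
      # Server certificate is checked against the CA bundle.
      if [ -n "$ca" ]; then echo verified; else echo verify-no-ca; fi ;;
    REQUIRED)  echo encrypted-unverified ;;  # TLS, certificate not checked
    PREFERRED) echo opportunistic ;;         # may fall back to plaintext
    DISABLED)  echo plaintext ;;
    "")
      # With --ssl-ca but no explicit mode the result depends on the client
      # version, so it is reported separately.
      if [ -n "$ca" ]; then echo mode-not-explicit; else echo opportunistic; fi ;;
    *)         echo unknown-mode ;;
  esac
)

# Succeed only when the invocation verifies the server certificate.
mysql_tls_ok() { [ "$(mysql_tls_posture "$@")" = verified ]; }

# Constructed sample invocations, modelled on the commands on this page.
for sample in \
  "-u admin -p -h <endpoint-host> -P 3306 --ssl-ca=./singlestore_bundle.pem --ssl-mode=VERIFY_CA" \
  "-u user -h 1.2.3.4 --ssl-ca=ca-cert.pem --ssl-mode=REQUIRED" \
  "-u user -h 1.2.3.4 --ssl-ca=ca-cert.pem" \
  "-u user -h 1.2.3.4"
do
  # Word splitting of $sample is intentional here.
  printf '%-22s mysql %s\n' "$(mysql_tls_posture $sample)" "$sample"
done
```

Only the verified posture authenticates the server; every other result should be treated as a client to reconfigure, even when the account has REQUIRE SSL.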

Note that the server currently uses a hardcoded version of the TLS protocol.

Last modified: September 4, 2024
