Sign inTry Free

SingleStore Helios Endpoints

On this page

An endpoint is a URL used to connect with SingleStore Helios workspaces. The SingleStore Helios endpoints are available on the Cloud Portal. Once logged in,

  1. Navigate to Deployments > Workspaces.

  2. Select the three dots under the Actions column of your workspace, and then select Connect Directly from the list.

  3. On the CLI Client tab, select SingleStore Endpoints from the list. The endpoint of your SingleStore deployment is displayed in the Endpoint section.

Access SingleStore Helios deployment using the available endpoint with any of the supported SQL clients and/or development tools.

Note

When using a third-party SQL client or development tool, you must first add a database user to log into a SingleStore Helios database.

Connect to SingleStore Helios via TLS/SSL

To establish an encrypted connection from a stand-alone SQL client, you need a TLS/SSL public certificate. This certificate ensures that clients without a valid certificate are not allowed to connect to your workspace. This CA certificate can also be used to verify the identity of each workspace host. Download the TLS/SSL certificate from the Cloud Portal. Install the certificate via the instructions provided at How Do I Install a Certificate?.

For example, using the MySQL command line (CLI) client, you can connect to the SingleStore Helios endpoints using the singlestore_bundle.pem certificate file. The .pem file enables support for encrypted connections. Include the --ssl-mode=VERIFY_CA option to verify the certificate.

Note: Include the --ssl-mode=REQUIRED option to establish a secure connection in older versions of the MySQL client, even when the --ssl-ca option is specified.

mysql -u admin -p -h <endpoint-host> -P 3306 --default-auth=mysql_native_password --ssl-ca=./singlestore_bundle.pem --ssl-mode=VERIFY_CA

Important

The singlestore_bundle.pem file, which SQL clients can use to connect to SingleStore Helios, will be updated as of October 20, 2023.

If your SQL client uses the singlestore_bundle.pem file and the --ssl-mode=VERIFY_CA flag to connect, and your SQL client can no longer connect to SingleStore Helios, please download and use the latest singlestore_bundle.pem file.

See Connect to SingleStore Helios using TLS/SSL topic for more information.

Secure the SingleStore Helios Connection

Server Configuration to Require Secure Client Connections

To make the server restrict access to clients over SSL only, add the REQUIRE SSL clause to the user’s GRANT statement, for example:

CREATE USER 'user'@'%' IDENTIFIED BY 'password';
ALTER USER 'user'@'%' REQUIRE SSL;

For example, if REQUIRE SSL is specified for the user user:

## This connection attempt is rejected with an "Access denied" error:
mysql -u user -h 1.2.3.4
## This one works:
mysql -u user -h 1.2.3.4 --ssl-ca=ca-cert.pem

Unless the client is configured properly, the client may or may not use SSL to connect to SingleStore Helios even if SSL is enabled on the SingleStore Helios workspace. Adding REQUIRE SSL helps protect against misconfigured clients by preventing them from connecting over an insecure plaintext connection. However, proper client configuration is still necessary for security against active network attacks, regardless of server configuration.

Note that the server currently uses a hardcoded version of the TLS protocol.

Last modified: July 16, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK