Skip to main content

Data connections

Data connections are secure configurations to supported data sources.

Hex makes it easy to securely connect to your data warehouse or cloud storage provider.

Supported data sources

Cloud SQL
MS SQL Server


We're constantly updating our list of integration partners. Let us know at [email protected] if there's an integration you'd like us to prioritize!

Add a new connection

  • Users will need the Admin workspace role to create workspace data connections.
  • Users will need Can Edit or higher project permissions to create project-level data connections.

Navigate to the Data sources tab within a project in the left sidebar.

When you click Add you will be prompted to select a data source. Fill in the relevant connection details and make sure that Hex is allowed to connect to your data source.

  • For PostgreSQL, MySQL, Redshift, MS SQL Server, ClickHouse, AlloyDB, MariaDB, Materialize & Cloud SQL, you'll need:

    • Database host url
    • Database port
    • Database name
    • Username & password
  • For BigQuery, you'll need:

    Note, by default the Use BigQuery Storage API option is enabled when creating a BQ connection. This connection method significantly improves BigQuery query performance in Hex, however it requires two additional permissions be granted to the service account: bigquery.readsessions.create and bigquery.readsessions.getData. Additionally, there may be some BiqQuery costs associated when using this method. Pricing details from Google is available here.

  • For Snowflake, you'll need:

    • Account name
    • Warehouse
    • Database
    • Username & password

    If connecting to Snowflake using Key Pair authentication, paste the entire multi-line key, including "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----", in the Private Key box.

  • For Databricks, you'll need:

  • For Dremio, you'll need:

    • JDBC URL (retrieve this from the Project Settings page under General information in your Dremio account)
    • Access token (instructions to generate)
  • For Trino & Starburst, you'll need;

    • Database host url
    • Database port
    • Username & password
  • For Presto, you'll need;

    • Database host url
    • Database port
    • Catalog name
    • Username & password
  • For Athena, you'll need:

    • AWS access key ID
    • AWS secret access key
    • S3 bucket to write query results to
    • The default port is 443 and the host is athena.[region] (if you're using a VPC to connect then the host address is [vpc-specific-url].athena.[region] Note: only AWS users who do not use MFA authentication are supported.

      AWS uses the AWSQuicksightAthenaAccess policy as an example policy for JDBC connections. The IAM user will also need permissions to utilize prepared statements.

  • For MotherDuck, you'll need:

Example Data Connection

You can establish multiple connections for a given project, which are then listed in the Data sources tab. These connections may be used in SQL cells by any user with Editor access to that project, but will not be available to query from any other project.

Add shared connections

Workspace Admins have the capability to create shared data connections, which can be shared among all users in the workspace, or groups of users. Setting up shared data connections is identical to the process of creating a data connection depicted above, except that only Admins can create them from SettingsData sources of the Settings panel.

Schedule automated refreshes for the data browser

  • Available on the Professional, Team, and Enterprise plans.

Shared data connections can be configured to automatically refresh the data browser cache on a schedule. On refresh, Hex updates the data browser with your latest data connection schema, making any new schema data available as well as removing anything that was deleted.


Automated refreshes require a query of your data connection's entire schema. Consider query costs and your data warehouse load when deciding on a cadence schedule.

Restrict data browser refresh permissions

By default, all Editors have the ability to manually refresh the data connection schema via the data browser. To restrict this ability and only allow Admins to manually refresh the data browser, update the "Can refresh schema" setting in your data connection configuration to "Admins only". This will remove Editors' ability to manually refresh the data browser.

Use data connections to query your database

Once you have configured a data connection, you can query it using a SQL cell. See the SQL cells section for more details.

Database security

For each data connection, it's possible to configure SSH or SSL/TLS for a more secure connection and encryption in transit.

Using Secure Socket Layer (SSL) or Transport Layer Security (TLS) provides an additional layer of security by encrypting data in transit that moves from Hex to your database instance. Some data connection types have SSL/TLS configured by default.

In the table below, Enabled by default indicates that creating a data connection with that database will have encryption in transit enabled by default, and no further action is required. If Configurable, please reference the documentation linked in the first column for instructions on how to configure SSL/TLS for that specific database.

Data ConnectionSSL/TLS
AthenaEnabled by default
BigQueryEnabled by default
DatabricksEnabled by default
MaterializeEnabled by default
PrestoEnabled by default
RedshiftEnabled by default
SnowflakeEnabled by default
MotherDuckEnabled by default
Cloud SQL (MySQL)Configurable
Cloud SQL (PostgreSQL)Configurable
Cloud SQL (SQL Server)Configurable
MS SQL ServerConfigurable