Data connections
Data connections are secure configurations to supported data sources.
Hex makes it easy to securely connect to your data warehouse or cloud storage provider.
Supported data sources
We're constantly updating our list of integration partners. Let us know at [email protected] if there's an integration you'd like us to prioritize!
Add a new connection
- Users will need the Admin workspace role to create workspace data connections.
- Users will need Can Edit or higher project permissions to create project-level data connections.
Navigate to the Data sources tab within a project in the left sidebar.
When you click Add you will be prompted to select a data source. Fill in the relevant connection details and make sure that Hex is allowed to connect to your data source.
-
For PostgreSQL, MySQL, Redshift, MS SQL Server, ClickHouse, AlloyDB, MariaDB, Materialize & Cloud SQL, you'll need:
- Database host url
- Database port
- Database name
- Username & password
-
For BigQuery, you'll need:
- Google Cloud Project ID (instructions to locate)
- Entire contents of a JSON Service Account Key (instructions to generate)
Note, by default the Use BigQuery Storage API option is enabled when creating a BQ connection. This connection method significantly improves BigQuery query performance in Hex, however it requires two additional permissions be granted to the service account:
bigquery.readsessions.createandbigquery.readsessions.getData. Additionally, there may be some BiqQuery costs associated when using this method. Pricing details from Google is available here. -
For Snowflake, you'll need:
- Account name
- Warehouse
- Database
- Username & password
tipIf connecting to Snowflake using Key Pair authentication, paste the entire multi-line key, including "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----", in the Private Key box.
-
For Databricks, you'll need:
- JDBC URL (instructions to locate)
- Access token (instructions to generate)
-
For Dremio, you'll need:
- JDBC URL (retrieve this from the Project Settings page under General information in your Dremio account)
- Access token (instructions to generate)
-
For Trino & Starburst, you'll need;
- Database host url
- Database port
- Username & password
-
For Presto, you'll need;
- Database host url
- Database port
- Catalog name
- Username & password
-
For Athena, you'll need:
- AWS access key ID
- AWS secret access key
- S3 bucket to write query results to
- The default port is 443 and the host is
athena.[region].amazonaws.com(if you're using a VPC to connect then the host address is[vpc-specific-url].athena.[region].amazonaws.com). Note: only AWS users who do not use MFA authentication are supported.tipAWS uses the AWSQuicksightAthenaAccess policy as an example policy for JDBC connections. The IAM user will also need permissions to utilize prepared statements.
-
For MotherDuck, you'll need:
- MotherDuck Token (instructions to generate)
Example Data Connection
You can establish multiple connections for a given project, which are then listed in the Data sources tab. These connections may be used in SQL cells by any user with Editor access to that project, but will not be available to query from any other project.
Add shared connections
Workspace Admins have the capability to create shared data connections, which can be shared among all users in the workspace, or groups of users. Setting up shared data connections is identical to the process of creating a data connection depicted above, except that only Admins can create them from Settings → Data sources of the Settings panel.
Schedule automated refreshes for the data browser
- Available on the Professional, Team, and Enterprise plans.
Shared data connections can be configured to automatically refresh the data browser cache on a schedule. On refresh, Hex updates the data browser with your latest data connection schema, making any new schema data available as well as removing anything that was deleted.
Automated refreshes require a query of your data connection's entire schema. Consider query costs and your data warehouse load when deciding on a cadence schedule.
Use data connections to query your database
Once you have configured a data connection, you can query it using a SQL cell. See the SQL cells section for more details.
Database security
For each data connection, it's possible to configure SSH or SSL/TLS for a more secure connection and encryption in transit.
Using Secure Socket Layer (SSL) or Transport Layer Security (TLS) provides an additional layer of security by encrypting data in transit that moves from Hex to your database instance. Some data connection types have SSL/TLS configured by default.
In the table below, Enabled by default indicates that creating a data connection with that database will have encryption in transit enabled by default, and no further action is required. If Configurable, please reference the documentation linked in the first column for instructions on how to configure SSL/TLS for that specific database.
| Data Connection | SSL/TLS |
|---|---|
| Athena | Enabled by default |
| BigQuery | Enabled by default |
| Databricks | Enabled by default |
| Materialize | Enabled by default |
| Presto | Enabled by default |
| Redshift | Enabled by default |
| Snowflake | Enabled by default |
| MotherDuck | Enabled by default |
| AlloyDB | Configurable |
| Clickhouse | Configurable |
| Cloud SQL (MySQL) | Configurable |
| Cloud SQL (PostgreSQL) | Configurable |
| Cloud SQL (SQL Server) | Configurable |
| Dremio | Configurable |
| MariaDB | Configurable |
| MS SQL Server | Configurable |
| MySQL | Configurable |
| Postgres | Configurable |
| Trino | Configurable |
| Starburst | Configurable |