Data connections
Data connections are secure configurations to supported data sources.
Supported data sources
More coming soon - let us know if there's one you want us to prioritize!
Add a new connection
Navigate to the Data sources tab within a project in the left sidebar.
When you click Add you will be prompted to select a data source. Fill in the relevant connection details and make sure that Hex is allowed to connect to your data source.
For PostgreSQL, MySQL, Redshift, MS SQL Server, ClickHouse, AlloyDB, & MariaDB, you'll need:
- Database host url
- Database port
- Database name
- Username & password
For BigQuery, you'll need:
- Google Cloud Project ID (instructions to locate)
- Entire contents of a JSON Service Account Key (instructions to generate)
Note, by default the Use BigQuery Storage API option is enabled when creating a BQ connection. This connection method significantly improves BigQuery query performance in Hex, however it requires two additional permissions be granted to the service account:
bigquery.readsessions.createandbigquery.readsessions.getData. Additionally, there may be some BiqQuery costs associated when using this method. Pricing details from Google is available here.For Snowflake, you'll need:
- Account name
- Warehouse
- Database
- Username & password
tipIf connecting to Snowflake using Key Pair authentication, paste the entire multi-line key, including "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----", in the Private Key box.
For Databricks, you'll need:
- JDBC URL (instructions to locate)
- Access token (instructions to generate)
For Dremio, you'll need:
- JDBC URL (retrieve this from the Project Settings page under General information in your Dremio account)
- Access token (instructions to generate)
For Trino, you'll need;
- Database host url
- Database port
- Username & password
For Presto, you'll need;
- Database host url
- Database port
- Catalog name
- Username & password
For Athena, you'll need:
- AWS access key ID
- AWS secret access key
- S3 bucket to write query results to
- The default port is 443 and the host is
athena.[region].amazonaws.com(if you're using a VPC to connect then the host address is[vpc-specific-url].athena.[region].amazonaws.com). Note: only AWS users who do not use MFA authentication are supported.tipAWS uses the AWSQuicksightAthenaAccess policy as an example policy for JDBC connections. The IAM user will also need permissions to utilize prepared statements.
You can establish multiple connections for a given project, which are then listed in the Data sources tab. These connections may be used in SQL cells by any user with Editor access to that project, but will not be available to query from any other project.
Add shared connections
Workspace Admins have the capability to create shared data connections, which can be shared among all users in the workspace, or groups of users. Setting up shared data connections is identical to the process of creating a data connection depicted above, except that only Admins can create them from Settings → Data sources of the Settings panel.
Use data connections to query your database
Once you have configured a data connection, you can query it using a SQL cell. See the SQL cells section for more details.
Database security
For each data connection, it's possible to configure SSH or SSL/TLS for a more secure connection and encryption in transit.
Using Secure Socket Layer (SSL) or Transport Layer Security (TLS) provides an additional layer of security by encrypting data in transit that moves from Hex to your database instance. Some data connection types have SSL/TLS configured by default.
In the table below, Enabled by default indicates that creating a data connection with that database will have encryption in transit enabled by default, and no further action is required. If Configurable, please reference the documentation linked in the first column for instructions on how to configure SSL/TLS for that specific database.
| Data Connection | SSL/TLS |
|---|---|
| Athena | Enabled by default |
| BigQuery | Enabled by default |
| Databricks | Enabled by default |
| Redshift | Enabled by default |
| Snowflake | Enabled by default |
| Presto | Enabled by default |
| Clickhouse | Configurable |
| Dremio | Configurable |
| MariaDB | Configurable |
| MS SQL Server | Configurable |
| MySQL | Configurable |
| Postgres | Configurable |
| Trino | Configurable |
| AlloyDB | Configurable |