Flitch
Integrations

MySQL

Connect a MySQL database (self-hosted, RDS, Cloud SQL, Azure, or Aurora) with a connection string or client certificate.

Reads tables from any MySQL database. Queries run inside a read-only transaction, so Flitch can never write to your database.

Add a source

MySQL supports two auth methods: a connection string (a database user over TLS) and a client certificate (mTLS).

Prerequisites

  • A reachable MySQL host and database.
  • A user with read access to the tables you want.

Create a read-only user

CREATE USER 'flitch_readonly'@'%' IDENTIFIED BY 'choose-a-strong-password';
GRANT SELECT ON mydb.* TO 'flitch_readonly'@'%';
FLUSH PRIVILEGES;

Build the connection string

mysql://flitch_readonly:password@your-host:3306/mydb?ssl-mode=REQUIRED

For RDS, Cloud SQL, Azure, or Aurora, copy the host (endpoint) from the provider console. Managed providers enforce TLS, so keep ssl-mode=REQUIRED; for a server with no TLS use ssl-mode=DISABLED.

Open the form

Go to DataAddMySQL, paste the connection string, then pick datasets.

Issue a client certificate

Generate an X.509 client certificate and key signed by a CA your server trusts, and create the user with REQUIRE X509 so the server enforces it.

Open the form

Go to DataAddMySQL, pick Client Certificate (mTLS), and paste the CA certificate, client certificate, and client key.

Pick datasets

Test the connection, then tick the tables.

Network access

Flitch connects from its own server, not your browser, so if your database is behind a firewall or VPC security group you must allow Flitch's connector egress IP (shown in the Add Source form) on the database port, not your own IP. Managed hosts that are publicly reachable need no change.

Team-wide credential (optional)

A team admin can store one shared MySQL credential in Settings → Data connections; new connections then default to it, with no per-connection secret.

Refresh

Refresh is off by default. Enable it to schedule a background refresh and serve from cache between runs. See Refresh.

Troubleshooting

Authentication failed. Check the user and password, and that it can connect from Flitch's host ('flitch_readonly'@'%').

Connection timed out / refused. Verify host and port, and that the egress IP is allowlisted.

Server does not support secure connection. The server has no TLS (e.g. a plain self-hosted instance). Use ssl-mode=DISABLED.

PostgreSQL

Connect a PostgreSQL database (self-hosted, RDS, Cloud SQL, or Azure) with a connection string or client certificate.

MariaDB

Connect a MariaDB database with a connection string or client certificate (MySQL wire protocol).

On this page

Add a sourcePrerequisitesCreate a read-only userBuild the connection stringOpen the formIssue a client certificateOpen the formPick datasetsNetwork accessTeam-wide credential (optional)RefreshTroubleshooting