Core

Create Connection

The connection resource allows exposing internal services from your internal infra structure to users.

Types of Connections

The definition of this resource represent how clients will be able to interact with internal resources.

Each type/subtype may represent a distinct implementation:

application/<subtype> - An alias to map distinct types of shell applications (e.g.: python, ruby, etc)
application/tcp - Forward TCP connections

This type requires the following environment variables:
- HOST: ip or dns of the internal service
- PORT: the port of the internal service
custom - Any custom shell application
database/<subtype> - Allow connecting to databases through multiple clients (Webapp, cli, IDE’s)

Each <subtype> has distinct environment variables that are allowed to be configured, refer to our documentation for more information.

POST

connections

object

access_mode_connect

enum<string>

access_mode_exec

enum<string>

access_mode_runbooks

enum<string>

access_schema

enum<string>

agent_id

string

command

array

name

string

redact_enabled

boolean

redact_types

array

reviewers

array

secret

object

subtype

string

Body

application/json

access_mode_connect

enum<string>

required

Toggle Port Forwarding

enabled - Enable to perform port forwarding for this connection
disabled - Disable port forwarding for this connection

Available options:

enabled,

disabled

access_mode_exec

enum<string>

required

Toggle Ad Hoc Executions

enabled - Enable to run ad-hoc executions for this connection
disabled - Disable ad-hoc executions for this connection

Available options:

enabled,

disabled

access_mode_runbooks

enum<string>

required

Toggle Ad Hoc Runbooks Executions

enabled - Enable to run runbooks for this connection
disabled - Disable runbooks execution for this connection

Available options:

enabled,

disabled

access_schema

enum<string>

required

Toggle Introspection Schema

enabled - Enable the instrospection schema in the webapp
disabled - Disable the instrospection schema in the webapp

Available options:

enabled,

disabled

agent_id

string

required

The agent associated with this connection

command

string[]

Is the shell command that is going to be executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp.

name

string

required

Name of the connection. This attribute is immutable when updating it

redact_enabled

boolean

When this option is enabled it will allow managing the redact types through the attribute redact_types

redact_types

string[]

Redact Types is a list of info types that will used to redact the output of the connection. Possible values are described in the DLP documentation: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference

reviewers

string[]

Reviewers is a list of groups that will review the connection before the user could execute it

secret

object

Secrets are environment variables that are going to be exposed in the runtime of the connection:

{ envvar:[env-key]: [base64-val] } - Expose the value as environment variable
{ filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem

The value could also represent an integration with a external provider:

{ envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically in the AWS secrets manager and expose as environment variable
{ envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"}

subtype

string

Sub Type is the underline implementation of the connection:

postgres - Implements Postgres protocol
mysql - Implements MySQL protocol
mongodb - Implements MongoDB Wire Protocol
mssql - Implements Microsoft SQL Server Protocol
tcp - Forwards a TCP connection

Response

201 - application/json

access_mode_connect

enum<string>

required

Toggle Port Forwarding

enabled - Enable to perform port forwarding for this connection
disabled - Disable port forwarding for this connection

Available options:

enabled,

disabled

access_mode_exec

enum<string>

required

Toggle Ad Hoc Executions

enabled - Enable to run ad-hoc executions for this connection
disabled - Disable ad-hoc executions for this connection

Available options:

enabled,

disabled

access_mode_runbooks

enum<string>

required

Toggle Ad Hoc Runbooks Executions

enabled - Enable to run runbooks for this connection
disabled - Disable runbooks execution for this connection

Available options:

enabled,

disabled

access_schema

enum<string>

required

Toggle Introspection Schema

enabled - Enable the instrospection schema in the webapp
disabled - Disable the instrospection schema in the webapp

Available options:

enabled,

disabled

agent_id

string

required

The agent associated with this connection

command

string[]

Is the shell command that is going to be executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp.

string

Unique ID of the resource

managed_by

string

Managed By is a read only field that indicates who is managing this resource. When this attribute is set, this resource is considered immutable

name

string

required

Name of the connection. This attribute is immutable when updating it

redact_enabled

boolean

When this option is enabled it will allow managing the redact types through the attribute redact_types

redact_types

string[]

reviewers

string[]

Reviewers is a list of groups that will review the connection before the user could execute it

secret

object

Secrets are environment variables that are going to be exposed in the runtime of the connection:

{ envvar:[env-key]: [base64-val] } - Expose the value as environment variable
{ filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem

The value could also represent an integration with a external provider:

{ envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically in the AWS secrets manager and expose as environment variable
{ envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"}

status

enum<string>

Status is a read only field that informs if the connection is available for interaction

online - The agent is connected and alive
offline - The agent is not connected

Available options:

online,

offline

subtype

string

Sub Type is the underline implementation of the connection:

postgres - Implements Postgres protocol
mysql - Implements MySQL protocol
mongodb - Implements MongoDB Wire Protocol
mssql - Implements Microsoft SQL Server Protocol
tcp - Forwards a TCP connection

Core

Authentication

Features

Server Management

Proxy Manager

User Management

Create Connection

Types of Connections

Body

Response