Connecting to Microsoft SQL Server can be done natively using an IDE or any supported client library. Alternatively, you can use the sqlcmd command line utility for one-off executions.


To get the most out of this guide, you will need to:


The table below explains which features are available for this kind of connection.

  • Native - it’s when a database client is connecting via protocol (e.g., IDE, client libraries)
  • One Off - It’s when a hoop client performs ad hoc executions (e.g.: webapp, hoop cli)
FeatureNativeOne OffDescription
TLS Termination Proxy

The local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.

The gateway store and audit the queries being issued by the client
Data Masking (DLP)

A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Credentials Offload

The user authenticates via SSO instead of using database credentials.
Interactive Access

Interactive access is available when using an IDE or connecting via a terminal to perform analysis exploration.


HOSTenv-varyesThe IP or Host of the SQL Server
PORTenv-varyesThe port of the SQL server
USERenv-varyesThe user with access to the instance
PASSenv-varyesThe password with access to the instance
DBenv-varyesThe name of the database to connect (Required when using the connection via the command line).
INSECUREenv-varnoIf the connection will ignore the chain of certificates presented by the server. (the connection will be subject to man-in-the-middle attacks if the network is not reliable. By default, this option is set to false)

Connection Command

hoop admin create conn mssql --type database/mssql -a <agent> \
  -e HOST=<host> \
  -e PORT=<port> \
  -e USER=<user> \
  -e PASS=<pass> \
  -e DB=<db>

How to Use

Forward a local port (default to 1444) to connect in the sql server with any client/IDE

hoop connect mssql
connection: mssql | session: 5531dc59-febc-4eee-af26-96e0e0de6769

      host= port=1444 user=noop password=noop
ready to accept connections!

Test it using sqlcmd utility tool.

sqlcmd -S -Q "SELECT @@VERSION"

In the same connection, a one-off process can be run as well.

hoop exec mssql <<EOF
hoop exec mssql -f /tmp/myquery.sql
hoop exec mssql -i 'SELECT @@VERSION'
# pass arguments to sqlcmd
hoop exec mssql -- -s ";" -h -1 -W <<EOF