Database Management

You will only be able to manage databases on a server if your user role has permission to install and manage databases on a server, review our guide for more information on the different roles and permissions.

Overview

The database management service allows you to install MySQL and create databases. You can also create new database users, with the option to grant local or remote access.

To get started, click the "Manage" button next to the server you wish to manage databases for. If you've been granted access to the database section by your team's admin or manager then you'll see a link on the sidebar to access the database section.

Installing MySQL

If this is your first time visiting the database section for a server it will prompt you to install MySQL. This is a one-click installer that requires no manual work on your part.

Please note: If you already have MySQL running on the server it will first need to be removed to use this section with ServerAuth.

Once MySQL has been installed and configured the page will reload with options to create your first database and user.

Creating Databases

To create a new database click the 'Create Database' button at the top of the page. This will open a popup where you can provide the database name and the login details for the first user.

You'll also be given the option to grant the user remote access. Typically you would want to leave this box unchecked as it opens the user up for remote access. If you are enabling remote access we recommend setting up firewall rules to ensure your databases are protected from anyone who may attempt to break in.

Adding / Removing Database Users

Once a database has been created you can add additional users, or delete existing users by clicking the 'Manage' link on the line entry for the database. This will show a new popup with a list of all users who have access to the database, along with a link to create a new user. As with the database creation form, you'll be able to select if the user has remote access or not.

Additional Options

Using the 'Options' dropdown at the top of the page you can start, stop and restart the MySQL server. You can also force a manual refresh from the server. This will rebuild the list of databases and users.

Enabling Remote Access

When creating a database user you'll be given the option to enable remote access. This sets the user up to be accessible globally.

MySQL requires a modification to its config file to support access outside of the server. You can do this by clicking the Options -> Edit MySQL Config File. Inside that file locate the bind-address option. This will likely have an existing value of 127.0.0.1. To enable remote access change this value to 0.0.0.0 and save. If you now use the Options -> Restart MySQL link the server will apply the update, and your user will have remote access enabled.

If you are using a firewall on your server you'll also need to open up MySQL's port 3306 (TCP). Ideally, you only want to open this port to trusted IPs to ensure you're not exposing your MySQL server to the world.

The Firewall Manager within ServerAuth can help you do this by specifying an individual port to open, along with the IP address to allow access to.

MySQL Config Editor

Within the 'Options' dropdown, you'll find an option to edit the MySQL config file. We advise caution when editing this file as it's possible to cause your MySQL server to stop working. When editing we recommend taking a backup. Should your MySQL instance become damaged after modifying this, reverting it and restarting MySQL will usually clear the issue.

After making any changes to the file remember to restart your database server to ensure the changes are applied.

Tips for remotely accessing your databases in 'local' only mode.

If you require access to your database for remotely managing the contents you'll likely be using a desktop application such as MySQL Workbench, SequelAce, or TablePlus. You do not need to enable remote access to the user to manage the database from your desktop.

Instead, we recommend you connect via SSH, something most desktop applications will support. This creates a tunnel between your computer and the database by first logging into the server as an SSH user, and then once connected it locally connects to the database. By doing this your database user remains locked down to only be accessible locally, and this creates an additional layer of protection as anyone attempting to break into your database would first need to be able to connect via SSH.

Frequently Asked Questions

What version of MySQL is installed?
ServerAuth will automatically install the latest version available for your operating system. We do not install custom copies of MySQL and only ever use the official copy supplied by your operating systems application repository.

How do I access the root user?
The root user account is intentionally locked down to local access only. A plaintext copy of the password is never left on the server, or stored anywhere on ServerAuth. Instead, a separate ServerAuth user is created, and an encrypted password file is kept on your server which can only be decrypted by the secure enclave system used to communicate with your server.

In the event that you are locked out of your database server, or are leaving ServerAuth and wish to retain access to the root user you can contact us and we will be able to command an automated root password reset, which can then be supplied to you. As we have no direct access to your server we are unable to read your root password or provide it for use whilst the server is still actively connected to ServerAuth.

How are my database passwords stored?
ServerAuth does not store any passwords for your database. Your database user passwords are stored and handled by MySQL in the same way they would be normally. The root password and ServerAuth password are stored in encrypted files on your server and are only decoded by the ServerAuth enclave when required. This all takes place on your server, and no passwords are ever sent back to ServerAuth for any reason.

Can I install PostgreSQL or another database service?
Currently, we support MySQL however do plan on supporting additional database types in the future. If you require PostgreSQL (or any other database type) please let us know as this helps shape our future feature releases.

ServerAuth
Server Management & SSH Security Software
 on X (Twitter)
Copyright © Peakstone Ltd
Registered in England & Wales No. 13996293
All Rights Reserved.
Solutions
Resources
Support
Customers
ServerAuth
The Legal Bits