diff --git a/docs/img/database-access/dbeaver-configure-server.png b/docs/img/database-access/dbeaver-configure-server.png index 67729221d6da5..9f5a12a66131b 100644 Binary files a/docs/img/database-access/dbeaver-configure-server.png and b/docs/img/database-access/dbeaver-configure-server.png differ diff --git a/docs/img/database-access/dbeaver-pg-configure-server.png b/docs/img/database-access/dbeaver-pg-configure-server.png new file mode 100644 index 0000000000000..12a597709fc09 Binary files /dev/null and b/docs/img/database-access/dbeaver-pg-configure-server.png differ diff --git a/docs/img/database-access/dbeaver-ssl.png b/docs/img/database-access/dbeaver-ssl.png deleted file mode 100644 index 00ae986a66d4b..0000000000000 Binary files a/docs/img/database-access/dbeaver-ssl.png and /dev/null differ diff --git a/docs/img/database-access/dbeaver-tls-settings.png b/docs/img/database-access/dbeaver-tls-settings.png deleted file mode 100644 index 6dc633ba08180..0000000000000 Binary files a/docs/img/database-access/dbeaver-tls-settings.png and /dev/null differ diff --git a/docs/img/database-access/guides/sqlserver/dbeaver-connection@2x.png b/docs/img/database-access/guides/sqlserver/dbeaver-connection@2x.png index be7e973075c14..9a5bdb7505e43 100644 Binary files a/docs/img/database-access/guides/sqlserver/dbeaver-connection@2x.png and b/docs/img/database-access/guides/sqlserver/dbeaver-connection@2x.png differ diff --git a/docs/pages/database-access/guides/gui-clients.mdx b/docs/pages/database-access/guides/gui-clients.mdx index 2d103f5504890..e6ca98ccf4417 100644 --- a/docs/pages/database-access/guides/gui-clients.mdx +++ b/docs/pages/database-access/guides/gui-clients.mdx @@ -79,6 +79,25 @@ Ensure that your environment includes the following: + +Starting the local database proxy with the `--tunnel` flag will create an +authenticated tunnel that you can use to connect to your database instances. +You won't need to configure any credentials when connecting to this tunnel. + +Here is an example on how to start the proxy: + +```bash +# First, login into the database. +$ tsh db login + +# Then, start the local proxy. +$ tsh proxy db --tunnel +Started authenticated tunnel for the database "" in cluster "" on 127.0.0.1:62652. +``` + +You can then connect to the address the proxy command returns, in our example it +is `127.0.0.1:62652`. + If you're using Teleport in [TLS routing](../../setup/operations/tls-routing.mdx) mode where each database protocol is multiplexed on the same web proxy port, use @@ -178,6 +197,20 @@ certificate, key and root certificate from the configuration above: Click "Save", and pgAdmin should immediately connect. If pgAdmin prompts you for password, leave the password field empty and click OK. +## PostgreSQL DBeaver +To connect to your PostgreSQL instance, use the authenticated proxy address. +This is `127.0.0.1:62652` in the example above (see the “Authenticated Proxy” +section on [Get connection information](./gui-clients.mdx#get-connection-information) +for more information). + +Use the "Database native" authentication with an empty password: + +![DBeaver Postgres Configure +Server](../../../img/database-access/dbeaver-pg-configure-server.png) + +Clicking on "Test connection" should return a connection success message. Then, +click on "Finish" to save the configuration. + ## MySQL Workbench [MySQL Workbench](https://www.mysql.com/products/workbench/) is a GUI @@ -219,7 +252,8 @@ In the search bar of the "Connect to a database" window that opens up, type "mys ![DBeaver Select Driver](../../../img/database-access/dbeaver-select-driver.png) -In the newly-opened "Connection Settings" tab, copy the `Server Host` and `Port` from the `tsh db config` output into the DBeaver config fields: +In the newly-opened "Connection Settings" tab, use the Host as `localhost` and +Port as the one returned by the proxy command (`62652` in the example above): ![DBeaver Select Configure Server](../../../img/database-access/dbeaver-configure-server.png) @@ -233,20 +267,8 @@ Authentication" box, and click "Ok" to save: ![DBeaver Driver Settings](../../../img/database-access/dbeaver-driver-settings.png) -Once you are back in the "Connection Settings" window, navigate to the "Driver -Properties" tab, scroll down to find the `enabledTLSProtocols` field and enter -"TLSv1.2" into the `Value` field: - -![DBeaver TLS Settings](../../../img/database-access/dbeaver-tls-settings.png) - -Navigate to the "SSL" tab, check the "Use SSL" box, uncheck the "Verify Server -Certificates" box, and copy the `CA Certificate`, `Client Certificate`, and -`Client Private Key` paths from the output of the `tsh` command you ran at the -beginning of this guide: - -![DBeaver SSL](../../../img/database-access/dbeaver-ssl.png) - -Click "Ok" to finish and DBeaver should connect to the remote MySQL server automatically. +Once you are back in the "Connection Settings" window, click "Ok" to finish and +DBeaver should connect to the remote MySQL server automatically. ## MongoDB Compass @@ -276,7 +298,7 @@ Click on the "Connect" button. ## SQL Server DBeaver In the DBeaver connection configuration menu, use your proxy's endpoint. This is -`localhost:4242` in the example above. (See +`localhost:62652` in the example above. (See [Get connection information](./gui-clients.mdx#get-connection-information) for more information.)