# Configuring MySQL workspace data connections

During workspace creation, under **Connection Type**, click **MySQL**.

## Connecting to the source database

In the **Source Settings** section, you provide the connection information for the source database.

### Providing the connection details <a href="#mysql-data-connection-source-connection-details" id="mysql-data-connection-source-connection-details"></a>

To provide the connection details for the source database:

1. In the **Server** field, specify the server where the source database is located.
2. By default, Tonic Structural uses all of the databases on the source server.\
   \
   To instead identify specific databases, add them to the **Databases** field.\
   \
   To add a database, type the database name, then press **Enter**. To remove a database from the list, click its delete icon.
3. In the **Port** field, provide the port to use to connect to the source data.
4. In the **Username** field, provide the username to use to connect to the source data.
5. For **Password**, you can either specify the password manually or, if secrets managers are available, you can [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
6. To test the connection to the source data, click **Test Source Connection**.\
   \
   If the connection test is successful, then Structural also tests and reports on the connection speed.

### Ensuring encryption of source database authentication <a href="#mysql-source-auth-encrypt" id="mysql-source-auth-encrypt"></a>

The **Enable SSL/TLS** setting indicates whether to encrypt source database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

### Connecting through an SSH bastion <a href="#mysql-source-ssh-bastion" id="mysql-source-ssh-bastion"></a>

For additional security, to connect through an SSH bastion:

1. Toggle **Enable SSH Tunnel** to the on position.
2. In the **SSH Host** field, provide the host for the SSH bastion.
3. In the **SSH Port** field, provide the port for the SSH bastion.
4. In the **SSH User** field, provide the name of the user to use to connect to the SSH bastion.
5. If you do not use a private key, then in the **SSH Passphrase** field, provide the passphrase to use for authentication.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
6. If you do use a private key, then in the **SSH Private Key** field, provide the private key.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).\
   \
   If the private key uses a passphrase, then in the **SSH Passphrase** field, provide the passphrase for the private key.

## Connecting to the intermediate database for upsert <a href="#mysql-data-connection-intermediate" id="mysql-data-connection-intermediate"></a>

MySQL supports the upsert process. When you enable upsert for the workspace, the data generation process initially writes the transformed data to an intermediate database.

After the initial data generation is complete, the upsert job writes new records to the destination database, and updates existing records in the destination database. It does not touch any other records that are in the destination database.

In the **Upsert** section, when you enable upsert, you are prompted to [configure the upsert processing](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/workspace-config-upsert) and to provide connection information for the intermediate database.

### Providing the connection details <a href="#mysql-data-connection-intermediate-connection-details" id="mysql-data-connection-intermediate-connection-details"></a>

To provide the connection details for the intermediate database:

1. In the **Server** field, specify the server where the intermediate database is located.\
   \
   For each database selected from the source, Structural generates data into a database that uses the same name as the corresponding destination database. To prevent conflicts, the server for the intermediate database must be different from the server for the source database and the destination database.
2. In the **Port** field, provide the port to use to connect to the intermediate database.
3. In the **Username** field, provide the username to use to connect to the intermediate database.
4. For **Password**, you can either specify the password manually or, if secrets managers are available, you can [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
5. To test the connection to the intermediate database, click **Test Intermediate Connection**.\
   \
   If the connection test is successful, then Structural also tests and reports on the connection speed.

### Ensuring encryption of intermediate database authentication <a href="#mysql-intermediate-auth-encrypt" id="mysql-intermediate-auth-encrypt"></a>

The **Enable SSL/TLS** setting indicates whether to encrypt intermediate database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

### Connecting through an SSH bastion <a href="#mysql-intermediate-ssh-bastion" id="mysql-intermediate-ssh-bastion"></a>

For additional security, to connect through an SSH bastion:

1. Toggle **Enable SSH Tunnel** to the on position.
2. In the **SSH Host** field, provide the host for the SSH bastion.
3. In the **SSH Port** field, provide the port for the SSH bastion.
4. In the **SSH User** field, provide the name of the user to use to connect to the SSH bastion.
5. If you do not use a private key, then in the **SSH Passphrase** field, provide the passphrase to use for authentication.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
6. If you do use a private key, then in the **SSH Private Key** field, provide the private key.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).\
   \
   If the private key uses a passphrase, then in the **SSH Passphrase** field, provide the passphrase for the private key.

## Connecting to the destination database <a href="#mysql-connect-destination-database" id="mysql-connect-destination-database"></a>

For a MySQL workspace, you can write the destination data to either:

* A destination database server.
* A container repository. For more information, go to [workspace-config-write-to-container-artifacts](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/workspace-config-write-to-container-artifacts "mention").

Under **Destination Settings**, to write the transformed data to a database server, click **Database Server**.

By default, the destination database uses the same databases as the source database.

### Providing the connection details <a href="#mysql-data-connection-destination-connection-details" id="mysql-data-connection-destination-connection-details"></a>

To provide the connection details for the destination database:

1. In the **Server** field, specify the server where the destination database is located.\
   \
   For each database selected from the source, Structural generates data into a database of the same name. To prevent a conflict, the server for the destination database must be different from the server for the source database and the intermediate database.
2. By default, the destination database names match the source database names. You can optionally provide different database names for the destination.\
   \
   Note that in the following cases, you cannot rename the destination databases:

   * You do not specify the source databases to include.
   * You [provide the database schema](https://docs.tonic.ai/app/setting-up-your-database/mysql-before-create-workspace#mysql-schema-creation-config).

   To enable custom destination database names, toggle **Custom database names** to the on position.\
   \
   When you enable custom destination database names, the source databases are listed under **Original Database Name**.\
   \
   The **New Database Name** column contains the corresponding destination database names, which by default match the source names. To provide a different database name, in the **New Database Name** field, enter the new name.
3. In the **Port** field, provide the port to use to connect to the destination data.
4. In the **Username** field, provide the username to use to connect to the destination data.
5. For **Password**, you can either specify the password manually or, if secrets managers are available, you can [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
6. To test the connection to the destination database, click **Test Destination Connection**.\
   \
   If the connection test is successful, then Structural also tests and reports on the connection speed.

### Ensuring encryption of destination database authentication <a href="#mysql-destination-auth-encrypt" id="mysql-destination-auth-encrypt"></a>

The **Enable SSL/TLS** setting indicates whether to encrypt destination database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

### Connecting through an SSH bastion <a href="#mysql-destination-ssh-bastion" id="mysql-destination-ssh-bastion"></a>

For additional security, to connect through an SSH bastion :

1. Toggle **Enable SSH Tunnel** to the on position.
2. In the **SSH Host** field, provide the host for the SSH bastion.
3. In the **SSH Port** field, provide the port for the SSH bastion.
4. In the **SSH User** field, provide the name of the user to use to connect to the SSH bastion.
5. If you do not use a private key, then in the **SSH Passphrase** field, provide the passphrase to use for authentication.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).
6. If you do use a private key, then in the **SSH Private Key** field, provide the private key.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](https://docs.tonic.ai/app/workspace/managing-workspaces/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret).\
   \
   If the private key uses a passphrase, then in the **SSH Passphrase** field, provide the passphrase for the private key.