Connect to Your Managed Database
TL;DR — Every managed cluster exposes a Connection tab with a ready-to-paste URI, a password, and individual host / port / database / user fields. Public access is on; pair it with a firewall rule for your servers. Private (VPC) URIs are available for servers in the same region.
Where to Find Connection Details
- Go to
/cloudpanel/databases - Click the cluster name
- Open the Connection tab
You'll see two columns:
- Public Connection — reachable from the internet (subject to firewall rules)
- Private Connection (VPC) — reachable only from EasyCloudify resources in the same region, no public exposure
Each row has a copy button. Secret fields (URI, password) have a show / hide eye toggle.
Fields You Will See
| Field | What It Is |
|---|---|
| Connection URI | A complete driver-ready string. Paste straight into your app's DATABASE_URL. |
| Host | The server hostname (used if you build the URI yourself) |
| Port | 5432 PostgreSQL, 3306 MySQL, 27017 MongoDB, 25061 Valkey, 25060 Kafka, 25062 OpenSearch (defaults — always check the UI) |
| Database | Default logical database (defaultdb for SQL engines, admin for MongoDB) |
| User | Default admin user (doadmin) |
| Password | The admin user's password |
| SSL Mode | require for all engines — encryption is mandatory |
Public vs. Private (VPC)
| Public | Private (VPC) | |
|---|---|---|
| Reachable from | Anywhere (subject to firewall) | Only same-region EasyCloudify resources |
| Encryption | TLS required | TLS required |
| Latency | Internet path | Backplane (lowest) |
| Use for | Local dev, CI, third-party tools, multi-region apps | Production apps colocated with the DB |
Always prefer the private URI for production traffic when your app is in the same region. It is faster, never traverses the public internet, and removes the need for IP-based firewall rules for that traffic.
Connect — Common Drivers
PostgreSQL
# psql CLI psql "postgresql://doadmin:PASSWORD@HOST:25060/defaultdb?sslmode=require"
// Node.js (pg) import { Pool } from 'pg' const pool = new Pool({ connectionString: process.env.DATABASE_URL })
# Python (psycopg) import psycopg with psycopg.connect(os.environ["DATABASE_URL"]) as conn: ...
MySQL
# mysql CLI mysql --host=HOST --port=25060 --user=doadmin --password=PASSWORD \ --ssl-mode=REQUIRED defaultdb
// Node.js (mysql2) import mysql from 'mysql2/promise' const conn = await mysql.createConnection({ uri: process.env.DATABASE_URL, ssl: { rejectUnauthorized: true }, })
MongoDB
// Node.js (mongodb) import { MongoClient } from 'mongodb' const client = new MongoClient(process.env.MONGODB_URI, { tls: true }) await client.connect()
The URI starts with mongodb+srv:// and includes ssl=true automatically.
Valkey (Redis-compatible)
# valkey-cli or redis-cli redis-cli -u "rediss://default:PASSWORD@HOST:25061"
Note the rediss:// scheme (double s) — that's the TLS variant. Your library may also accept tls: true as an option.
// Node.js (ioredis) import Redis from 'ioredis' const redis = new Redis(process.env.VALKEY_URL, { tls: {} })
Kafka
Kafka clusters expose a bootstrap URL (kafka-cluster.example:25060) and a CA certificate + client certificate / key for mutual TLS. Download the certs from the Connection tab and configure your Kafka client to use SASL_SSL.
OpenSearch
curl --user doadmin:PASSWORD \ "https://HOST:25060/_cluster/health?pretty"
OpenSearch uses HTTPS Basic Auth with the admin credentials.
Connection Pooling
For PostgreSQL and MySQL, never let your application open more connections than the cluster can handle. Use the built-in Connection Pools feature (PgBouncer):
- Open the Pools tab on your cluster
- Create a pool — pick a name, mode, size, user, and database
- Use the pool URI instead of the direct DB URI in your app
See Connection Pooling for the full guide.
SSL / TLS
All engines require TLS. You normally don't need to do anything extra — the URI's sslmode=require (PostgreSQL / MySQL) and tls=true (MongoDB / Valkey) handles it.
If your runtime complains about an unknown CA certificate, download the CA cert from the Connection tab and supply it to your driver. Most languages let you set the CA via an environment variable or a configuration option.
Securing Connections
- Add firewall rules. Only allow your application servers, your team's office IP, and any required third-party CIDRs. See Firewall & Trusted Sources.
- Use the private URI from your app. Removes public exposure entirely.
- Don't use the default
doadminuser from your application code. Create a least-privilege user in the Users tab. See Users & Databases. - Rotate credentials annually. Reset application user passwords on a schedule.
Reading and Saving the Password
- The admin password is always visible in the Connection tab — you can re-copy it at any time.
- For non-admin users you create later, the password is shown only once at creation. Save it immediately.
Troubleshooting
"Connection refused" or "timed out"
- Add your client IP to the firewall, or remove all rules (less secure, but useful for testing). If no firewall rules exist, all sources are allowed by default.
- Check that the cluster's status is Online in the dashboard.
"SSL connection required" / "no pg_hba.conf entry"
TLS is mandatory. Add ?sslmode=require to the URI or enable TLS in your driver config.
"Authentication failed"
Re-copy the password from the Connection tab — it may have been rotated. Make sure you're using the right user (doadmin by default).
Latency is higher than expected
You may be using the public URI from a server in the same region. Switch to the Private (VPC) URI for backplane-only routing.
"Too many connections"
Set up a Connection Pool and point your app at the pool URI.