🔌Managing Connectors

Our library of connectors, AnyConnect™, offers a seamless integration to external data providers, enabling you to leverage data from your systems for Toucan visualizations. The library is specifically designed to connect to the most widely used and modern databases and data warehousing tools available in the market.

We provide two types of connectors:

  1. Generic Connectors: These connectors allow you to connect to multiple data sources, but they require advanced configuration to establish the connection.

  2. Specific Connectors: Built for individual data sources, these connectors feature a user-friendly interface that only requires the relevant information for authentication and establishing a connection to the specific data source

Add a connector

A list of connectors will be displayed where you can choose a connector from the list of available connectors.

  1. To add a connector, in the Datasources tab of DataHub, click on Add a connector button.

  2. A modal window will open. Select the connector you want to add among the list of connectors displayed

  3. Configure the connector and save it. A modal will opened with the configuration form specific to the connector. form The connector will appear within the listing of configured connectors.

  4. Click on Test the connection if the option is available or Save to add the connector

Note

Some connectors need a specific installation. Please create a ticket to our support team if you want us to set up one of these connectors on your Toucan instance.

Edit a connector configuration

To edit a connector configuration

  1. Click on the "Settings" action within the actions menu of the connector you want to edit

  1. Edit the configuration of the connector and save it

Delete a connector

To delete a connector:

  1. Click on the three dots button, a "Delete" option is displayed

  2. Confirm the deletion of the connector. If a dataset uses the connector you are trying to delete, you will have a warning message and be able to select child datasets that you would like to delete simultaneously.

Test connection

Before saving your connector configuration, the test connection option allows you to verify that your configuration is correct by testing a simple call to check that your Toucan workspace is able to communicate with your data source.

This option is primarily available for SQL databases.

We support test connection for the following connectors: - AWS Athena - AWS S3 - Databricks - Google Big Query - MongoDB - MySQL - PostGresSQL - AWS Redshift - Snowflake

for some connectors, before clicking on save button, a test connection button is available.

  • After testing a connection, a modal will opened, the test connection is successful:

AWS Athena Connection Test
AWS Athena Connection Test
PostGreSQL Connection Test
  • if the connection is not successful, the modal will show where the problem might be:

🔒 Security

Security is a core priority in how we interface with your data systems:

  • Read-Only Access: We operate in a non-intrusive way (only reading data). It does not have the ability to write, modify, or administer your data sources.

  • Least Privilege Principle: We strongly recommend using a read-only account when configuring a connection. This minimizes potential risk and aligns with best practices for access control.

  • Encrypted Connections: All data communications between Toucan and your source systems are encrypted. Connections with databases use secure protocols, and all interactions with the Toucan platform go through HTTPS.

  • Certificate Management: By default, We support trusted certificates. If needed, it is also possible to configure a custom certificate chain for some connectors.

  • No Persistent Live Data Storage: Data is not stored at rest unless explicitly configured in stored mode. In its default behavior, AnyConnect™ streams data only for immediate use in visualizations. See Stored and Live Datasets for more information

  • Secrets management: all secret fields related to your connectors are stored in a Vault using Hashicorp Vault

Access to a workspace's secrets is handled as follows:

  • The dataset service, to access a workspace's secrets, checks if it has a valid token for the given workspace, generating one if needed via Kubernetes authentication (Tokens are valid for one hour and are only stored in memory).

  • A token only allows access to the secrets of a single workspace, thus ensuring segregation of access to a workspace's secrets

Last updated

Was this helpful?