Pantheon provides direct access for your MySQL databases, both for debugging and for importing large databases. Each site environment (Dev, Test and Live) has a separate database, so credentials for one cannot be used on another. The credentials are automatically included in your site configuration.
NoteDue to the nature of our platform, the connection information will change from time to time due to server upgrades, endpoint migrations, etc. You will need to check the Dashboard periodically or when you can’t connect.
MySQL credentials for each site environment are located in the Dashboard:
The following required fields are provided:
- Server: The hostname of the MySQL server.
- Port: The TCP/IP port number to use for the connection. There is no default and will differ for every environment on each site.
- Username: MySQL user name to use when connecting to server.
- Password: The password to use when connecting to the server.
- Database: The database to use; the value will always be pantheon and cannot be altered.
As each database server is in the cloud, the credentials will occasionally be updated and may change without notice. Normally, this is transparent to a site as the credentials are automatically included by the server. However, if you've saved the credentials in a local client and a month later you can't connect, check your Dashboard for the current credentials.
There's a wide array of MySQL clients that can be used, including MySQL Workbench, Sequel Pro, Navicat, PHPMyAdmin, and others. See the instruction manual or issue queue of your software to learn more about how to configure a connection.
#!/bin/bash # exit on any errors: set -e if [ $# -lt 1 ] then echo "Usage: $0 @pantheon-alias" exit 1 fi # Path to drush goes here: DRUSH='/usr/local/bin/drush' # Authenticate with Terminus terminus auth:login --email <email> # see the following file: TEMPLATE='spf-template.spf' # may need to change this: TMP_SPF='/tmp/tmp.spf' # Update aliases terminus aliases echo "fetching connection string" CONNECTION_STRING=`$DRUSH $1 sql-connect` echo $CONNECTION_STRING DATABASE=`echo $CONNECTION_STRING | sed -e 's/.*--database=\([^\\ ]*\).*/\1/g'` HOST=`echo $CONNECTION_STRING | sed -e 's/.*--host=\([^\\ ]*\).*/\1/g'` PORT=`echo $CONNECTION_STRING | sed -e 's/.*--port=\([^\\ ]*\).*/\1/g'` PASSWORD=`echo $CONNECTION_STRING | sed -e 's/.*--password=\([^\\ ]*\).*/\1/g'` USER=`echo $CONNECTION_STRING | sed -e 's/.*--user=\([^\\ ]*\).*/\1/g'` # This is for Sequel Pro: eval "echo \"$(< $TEMPLATE)\"" # For some reason, Sequel Pro or Open do not behave the same way given the -f # flag compared to opening a file from file system. So, we write to a tmp file. eval "echo \"$(< $TEMPLATE)\"" > $TMP_SPF # Swap this out to fit your system: open $TMP_SPF
Props to Aaron Bauman for writing this script!
By default, MySQL connections made to Pantheon are encrypted:
mysql> SHOW STATUS LIKE "Ssl_cipher"; +---------------+---------------------------+ | Variable_name | Value | +---------------+---------------------------+ | Ssl_cipher | DHE-RSA-AES128-GCM-SHA256 | +---------------+---------------------------+
Developers can use SSH tunnels to add additional layers of encryption to remote MySQL connections, or tunnel the connection across non-standard ports. For more information on how to set up tunnels for databases, see Secure Connections to Pantheon Services via TLS or SSH Tunnels.
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
ERROR 2003 (HY000): Can't connect to MySQL server on 'dbserver.$ENV.$SITE.drush.in' (111)
This error occurs when a request is sent to a database server that is in sleep mode. Pantheon containers spin down after ~1 hour of idle time. Live environments on a paid plan spin down after 12 hours of idle time. Environments usually spin up within 30 seconds of receiving a request. To resolve this error, wake environments by loading the home page or with the following Terminus command:
terminus env:wake <site>.<env>
See Database Connection Errors to troubleshoot connection errors like the following:
Can’t connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'...).
Pantheon logs underperforming database queries using the MySQL Slow Query Log. To access the log for your database, get the SFTP connection info for the environment in question. Then, replace the word "appserver" with "dbserver" in the connection string. The MySQL slow query logs are in the
To access MySQL binary logs ("binlogs"), connect to the database server as described above for the slow query logs. Binlogs are stored in the
data subdirectory. These logs are generally not used for development but may be useful to troubleshoot disk quota issues.
Table prefixes are not supported or recommended by Pantheon. While the server will not prevent their creation or use, managing and supporting tables with prefixes is the developer's responsibility.
No, only one database per site is provided. While create privileges are granted, any additional database will not survive regular maintenance operations.
Pantheon places no restrictions on the contents of the database.
No, Pantheon only provides one database user. Some customers have asked about creating a read-only user to provide read but not write access to the database. Consider creating an API or JSON-request application to provide access to the required information.