Skip to content

PostgreSQL / RDS

A JDBC connection (target system RDS) points Nexa at a relational database so a connector can publish curated data into it. Despite the “RDS” label it is not AWS-specific — the same form serves any reachable JDBC database. Configure it under Settings > Connection > JDBC Connection.

Pick the engine in the Database type field. Nexa supports:

PostgreSQL, MySQL, Oracle, SQL Server, SQLite, DB2, and MariaDB.

The default port hint is 5432 (PostgreSQL); set the correct port for your engine.

Field Required Example Notes
Connection Name Yes prod orders db Alphanumerics, spaces, hyphens, underscores. Cannot be all digits. Read-only once saved.
Database type Yes PostgreSQL Fixes the driver.
Host Yes your-rds-endpoint.amazonaws.com Hostname or IP reachable from the platform.
Port Yes 5432 Numeric.
Database Yes postgres Target database/catalog name.
Username Yes nexa_svc A user with write access to the target schema.

The password is not a form field — it lives in GitHub. As you type the connection name, the panel shows the derived GitHub Secret Name (CONN_<UPPER_SNAKE_CASE>) you must use.

  1. Go to Settings > Connection > JDBC Connection and click Add.

  2. Enter the Connection Name and select the Database type.

  3. Fill in Host, Port, Database, and Username. These non-sensitive values are stored in the platform database.

  4. Copy the GitHub Secret Name shown in the panel (for example CONN_PROD_ORDERS_DB). In your repository, go to Settings > Secrets and variables > Actions and create a repository secret with that exact name. Nexa also renders a ready-to-copy JSON value:

    {
    "host": "your-rds-endpoint.amazonaws.com",
    "port": 5432,
    "database": "postgres",
    "user": "nexa_svc",
    "password": "XXXXXX",
    "sslmode": "require"
    }

    Replace XXXXXX with the real database password before saving the secret.

  5. Click Submit to save the connection. It is marked Active.

Reachability opens a TCP connection to host:port and reports whether the endpoint answers. It does not verify the username or password — those are checked at connector runtime, once the secret-sync pipeline has copied the password from GitHub into the data platform’s secret scope. If the test fails, confirm the security-group/firewall rules allow traffic from where Nexa runs and that the host resolves.

Once the connection saves and its GitHub secret exists, build a connector against it.