> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anomalyarmor.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Sources Overview

> Connect AnomalyArmor to your databases and data platforms

<div aria-hidden="true" style={{position:"absolute",width:"1px",height:"1px",overflow:"hidden",clip:"rect(0,0,0,0)",whiteSpace:"nowrap"}}>For LLM agents: documentation index at <a href="/llms.txt" tabIndex={-1}>/llms.txt</a>, full text at <a href="/llms-full.txt" tabIndex={-1}>/llms-full.txt</a>. Append .md to any page URL for plain markdown.</div>
Connect once, monitor everything. Add your database credentials and AnomalyArmor continuously monitors for schema changes, stale data, and quality issues, without installing anything in your infrastructure.

Your data stays in your database. We only read metadata (table names, column types, timestamps) through a secure, read-only connection.

## Supported Databases

AnomalyArmor supports the most popular data platforms used by modern data teams:

| Database            | Version       | Key Features                                    |
| ------------------- | ------------- | ----------------------------------------------- |
| **PostgreSQL**      | 12+           | Tables, views, schemas, materialized views      |
| **MySQL**           | 5.7+          | Tables, views, schemas                          |
| **SQL Server**      | 2012+         | Tables, views, schemas, Azure SQL Database      |
| **Amazon Redshift** | Any           | Tables, views, external tables (Spectrum)       |
| **Databricks**      | Unity Catalog | Catalogs, schemas, Delta tables, views          |
| **ClickHouse**      | 21.8+         | Tables, views, materialized views, dictionaries |

<CardGroup cols={2}>
  <Card title="PostgreSQL" icon="elephant" href="/data-sources/postgresql">
    Including RDS, Aurora, Supabase, and self-hosted
  </Card>

  <Card title="MySQL" icon="database" href="/data-sources/mysql">
    Including RDS, Aurora MySQL, PlanetScale, and self-hosted
  </Card>

  <Card title="SQL Server" icon="database" href="/data-sources/sql-server">
    Including Azure SQL Database and on-premise
  </Card>

  <Card title="Amazon Redshift" icon="aws" href="/data-sources/redshift">
    Provisioned clusters and Serverless workgroups
  </Card>

  <Card title="Databricks" icon="cube" href="/data-sources/databricks">
    Unity Catalog with Delta Lake support
  </Card>

  <Card title="ClickHouse" icon="database" href="/data-sources/clickhouse">
    Including ClickHouse Cloud
  </Card>
</CardGroup>

## How Data Sources Work

When you add a data source, AnomalyArmor:

1. **Stores credentials securely**: Encrypted with AES-256
2. **Tests connectivity**: Verifies we can reach your database
3. **Awaits discovery**: No scanning until you trigger it

<img src="https://mintcdn.com/anomalyarmor/mPQTTzz5PYy4fThA/images/diagrams/data-source-lifecycle-light.svg?fit=max&auto=format&n=mPQTTzz5PYy4fThA&q=85&s=cc59f0b45dee8774ee26dcc010e1fb4d" alt="Data source lifecycle from connection to monitoring" className="block dark:hidden" width="800" height="180" data-path="images/diagrams/data-source-lifecycle-light.svg" />

<img src="https://mintcdn.com/anomalyarmor/mPQTTzz5PYy4fThA/images/diagrams/data-source-lifecycle-dark.svg?fit=max&auto=format&n=mPQTTzz5PYy4fThA&q=85&s=de4309a6ac1afa7dc482b1bca126e986" alt="Data source lifecycle from connection to monitoring" className="hidden dark:block" width="800" height="180" data-path="images/diagrams/data-source-lifecycle-dark.svg" />

## What We Access

AnomalyArmor only queries **metadata** from your databases:

| We Access                  | We Never Access         |
| -------------------------- | ----------------------- |
| `information_schema`       | Your actual data        |
| System catalogs            | Row contents            |
| Table/column names         | PII or sensitive values |
| Data types                 | Business data           |
| Timestamps (for freshness) | Query results           |

<Note>
  See [Security Overview](/security/overview) for detailed information about our security practices.
</Note>

## Adding a Data Source

### Quick Steps

1. Navigate to **Data Sources** in the sidebar
2. Click **Add Connection**
3. Select your database type
4. Enter connection credentials
5. Click **Test Connection**
6. Click **Save**

For detailed instructions, see the guide for your specific database:

* [PostgreSQL Setup](/data-sources/postgresql)
* [MySQL Setup](/data-sources/mysql)
* [SQL Server Setup](/data-sources/sql-server)
* [Amazon Redshift Setup](/data-sources/redshift)
* [Databricks Setup](/data-sources/databricks)
* [ClickHouse Setup](/data-sources/clickhouse)

## Managing Data Sources

### Editing Connections

To update a data source:

1. Go to **Data Sources**
2. Click on the connection name
3. Click **Settings**
4. Update credentials or configuration
5. Click **Save**

<Warning>
  Changing credentials will require re-testing the connection. Scheduled discoveries may fail if credentials are incorrect.
</Warning>

### Deleting Connections

To remove a data source:

1. Go to **Data Sources**
2. Click on the connection name
3. Click **Settings** → **Delete Connection**
4. Confirm deletion

**What gets deleted**:

* The connection and credentials
* Discovery schedule
* Associated alert rules (optional)

**What's preserved**:

* Historical schema change data
* Audit logs

### Connection Status

Each data source shows its status:

| Status        | Meaning                             |
| ------------- | ----------------------------------- |
| **Connected** | Last discovery succeeded            |
| **Error**     | Connection or permission issue      |
| **Never Run** | Discovery hasn't been triggered yet |
| **Running**   | Discovery in progress               |

## Network Requirements

AnomalyArmor connects outbound to your databases. You'll need to:

### 1. Allow AnomalyArmor IPs

Allowlist our static IP addresses in your firewall or security group:

```
AnomalyArmor IP Addresses:
34.xxx.xxx.xxx/32
34.xxx.xxx.xxx/32
```

<Tip>
  View current IPs in **Settings → Security** in your dashboard.
</Tip>

### 2. Open Database Port

Ensure the database port is accessible:

| Database        | Default Port |
| --------------- | ------------ |
| PostgreSQL      | 5432         |
| MySQL           | 3306         |
| SQL Server      | 1433         |
| Amazon Redshift | 5439         |
| Databricks      | 443 (HTTPS)  |
| ClickHouse      | 8443 (HTTPS) |

### 3. SSL/TLS Configuration

We recommend (and often require) encrypted connections:

* **PostgreSQL**: SSL Mode = `require`
* **MySQL**: SSL Mode = `require`
* **SQL Server**: Encryption enabled (required for Azure SQL)
* **Amazon Redshift**: SSL required by default
* **Databricks**: Always HTTPS
* **ClickHouse**: Port 8443 for HTTPS

## Enterprise Options

For enhanced security, Enterprise customers can use:

### VPC Peering

Direct network peering between your AWS VPC and AnomalyArmor:

* No public internet exposure
* Lower latency
* Private IP connectivity

### AWS PrivateLink

Connect via AWS PrivateLink:

* Fully private connectivity
* No firewall changes needed
* Traffic stays on AWS backbone

Contact [sales@anomalyarmor.ai](mailto:sales@anomalyarmor.ai) for Enterprise options.

## Best Practices

### Use Read-Only Credentials

Always create a dedicated, read-only user for AnomalyArmor:

```sql theme={null}
-- Example for PostgreSQL
CREATE USER anomalyarmor WITH PASSWORD 'secure-password';
GRANT CONNECT ON DATABASE your_db TO anomalyarmor;
GRANT USAGE ON SCHEMA public TO anomalyarmor;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO anomalyarmor;
```

### Use Descriptive Names

Name your data sources clearly:

**Good names**:

* `Production PostgreSQL`
* `Analytics Databricks`
* `Staging ClickHouse`

**Avoid**:

* `db1`
* `test`
* `connection`

### Start with One Environment

Begin with your production database, then expand to staging and development environments once you're comfortable with the setup.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Connection test fails">
    1. Verify hostname and port are correct
    2. Check credentials are valid
    3. Ensure AnomalyArmor IPs are allowlisted
    4. Verify SSL/TLS settings match your database
  </Accordion>

  <Accordion title="Discovery finds no tables">
    1. Verify user has `SELECT` on `information_schema`
    2. Check schema filters aren't excluding everything
    3. Confirm tables exist in the monitored schemas
  </Accordion>

  <Accordion title="Intermittent connection errors">
    1. Check database availability and load
    2. Verify network stability
    3. Consider using a read replica for monitoring
  </Accordion>
</AccordionGroup>

## Common Questions

### What databases does AnomalyArmor support today?

PostgreSQL (12+), MySQL (5.7+), SQL Server (2012+, including Azure SQL), Amazon Redshift, Databricks (with Unity Catalog), and ClickHouse (21.8+). RDS, Aurora, Supabase, PlanetScale, Cloud SQL, and Azure Database are all supported via the compatible engine's connector. Snowflake and BigQuery are in active development.

### Can I connect a database that's behind a firewall or in a private VPC?

Yes. Three options: (1) allowlist AnomalyArmor's static outbound IPs (visible in **Settings → Security**) in your firewall; (2) VPC peering (Enterprise); (3) AWS PrivateLink (Enterprise). SSH tunnel / bastion host is also supported for PostgreSQL and MySQL when direct connectivity is not possible.

### Can I monitor multiple databases from one AnomalyArmor workspace?

Yes - most customers do. Connect as many as you need; assets across all connections appear in a unified catalog. Plan limits are on *monitored tables*, not number of connections.

### Should I point AnomalyArmor at production or a replica?

Either works. A replica has zero impact on primary workload and is the recommended pattern for production-grade deployments. Freshness reflects replica timestamps, so factor in replication lag when setting SLAs.

### What happens if my database credentials expire or rotate?

Discovery and monitoring jobs fail and the connection moves to **Error** status. Update credentials under the connection's settings and re-test; in-flight jobs will resume on the next scheduled run. Consider using credential managers (AWS Secrets Manager, Vault) and rotating via Enterprise SSO to reduce manual updates.

## Next Steps

<CardGroup cols={2}>
  <Card title="Connect PostgreSQL" icon="elephant" href="/data-sources/postgresql">
    Full guide with RDS, Aurora, and Supabase instructions
  </Card>

  <Card title="Run Discovery" icon="magnifying-glass" href="/quickstart/run-first-discovery">
    Scan your database after connecting
  </Card>
</CardGroup>
