Connections Overview
Manage credentials for databases, APIs, and external services with encrypted storage.
Manage credentials for databases, APIs, and external services. Passwords are encrypted at rest.
What are connections
A connection stores the credentials and host information needed to access an external system. Instead of hardcoding database URIs or API keys in pipeline configs, you reference a connection by its ID:
{"conn_id": "prod-postgres"}The engine resolves the connection ID to a full URI at runtime.
Connection types
| Type | Label | Use case |
|---|---|---|
postgres | PostgreSQL | Database source/sink nodes |
mysql | MySQL | Database source/sink nodes |
sqlite | SQLite | Database source/sink nodes |
http | HTTP / REST API | API source/sink nodes |
sftp | SFTP / SSH | File transfers |
s3 | Amazon S3 | Cloud storage |
generic | Generic | Any TCP service |
Encryption
All passwords and the extra field are encrypted with AES-256-GCM before storage. The encryption key is stored in {db_path}.key (e.g., broked.db.key).
- Passwords are never returned in API responses (always
********) - The
extrafield (for headers, tokens, etc.) is encrypted and only decrypted when actually used - The encryption key is generated automatically on first run
Protect your key file: Back up the
.keyfile. If lost, encrypted connection passwords cannot be recovered.
Creating connections
UI
Go to Connections in the sidebar and click New Connection. Fill in the type, host, port, credentials, and click Save.
API
curl -X POST http://localhost:8080/api/connections \
-H "Content-Type: application/json" \
-d '{
"conn_id": "prod-postgres",
"type": "postgres",
"host": "db.example.com",
"port": 5432,
"schema": "mydb",
"login": "etl_user",
"password": "secret123"
}'Python SDK
Connections are managed via the UI or API, not the SDK. Reference them in pipelines by conn_id.
Testing connections
Test connectivity before using a connection in a pipeline:
curl -X POST http://localhost:8080/api/connections/prod-postgres/testResponse:
{"success": true, "message": "Connected successfully (pgx)", "driver": "pgx"}Connection fields
| Field | Type | Description |
|---|---|---|
conn_id | string | Unique slug identifier (required) |
type | string | Connection type (required) |
host | string | Hostname or URL |
port | int | Port number |
schema | string | Database name |
login | string | Username |
password | string | Password (encrypted at rest) |
extra | string | JSON string for additional config (encrypted at rest) |
Using connections in pipelines
Reference by conn_id in any node that supports it:
{
"type": "source_db",
"config": {
"conn_id": "prod-postgres",
"query": "SELECT * FROM users"
}
}The engine builds the full connection URI from the stored fields.
Usage tracking
See which pipelines use a connection:
curl http://localhost:8080/api/connections/prod-postgres/used-byThis helps prevent accidentally deleting connections that are in use.