Tunneled Microsoft SQL Connections

This document explains how to connect to a Microsoft SQL database through an encrypted TCP tunnel. We use the sqlcmd command line utility, but the same tunnel can be used by GUI tools.

tip

This example assumes you've already created a TCP route for this service.

Basic Connection

Create a TCP tunnel, using either pomerium-cli or the Pomerium Desktop client:
- pomerium-cli
- Pomerium Desktop
pomerium-cli tcp mssql.corp.example.com:1433 --listen :1433
--listen
The --listen flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
Local Address
The Local Address field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.

Initiate your $SERVICE connection, pointing to localhost:

/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "YOURSTRONGPASSWORD"

More Resources

Quickstart: Run SQL Server container images with Docker
Install the SQL Server command-line tools sqlcmd and bcp on Linux

Tunneled Microsoft SQL Connections

tip

Basic Connection​

--listen

Local Address

More Resources​

Basic Connection

More Resources