Connect a Microsoft SQL Server database
Give your AI employee read-only access to a Microsoft SQL Server database so it can run analytics and build reports over your SQL Server data.
Why we ask for this
To analyse your data and build reports, your AI employee needs to read it directly from the source. These fields are the address and login for your Microsoft SQL Server database.
We ask for a read-only login on purpose, and recommend pointing it at a reporting replica where one exists. Read-only means a reporting task can never change or delete a record, and a replica keeps heavy queries off the database that runs your day-to-day operations. This is the safe, standard pattern for SQL Server analytics.
The password is stored encrypted at rest (AES-256-GCM) and scoped to your tenant. It is never baked into the container image. It is decrypted and set as an environment variable inside your isolated container only when a session starts, and you can rotate or revoke the login from SQL Server at any time.
Where to get the connection details
1. Ask your DBA to create a dedicated SQL Server login mapped to a read-only database user, typically a member of the db_datareader role, with no write or schema permissions.
2. If you maintain a reporting replica or an Always On readable secondary, point this connection there instead of the primary so reports never compete with production load.
3. Collect the server host and port (SQL Server defaults to 1433), the database name, and the read-only username and password.
4. If the server sits behind a firewall, set up a Tailscale or Cloudflare Tunnel first (see the Connectivity note below) and use the private host address it gives you.
5. Enter the values into the matching fields: PATAKIS_MSSQL_HOST, PATAKIS_MSSQL_PORT, PATAKIS_MSSQL_USER, PATAKIS_MSSQL_PASSWORD and PATAKIS_DB_NAME.
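For the DBA handling the first step, the script below is an added example, not part of the product's own documentation or tooling. It creates the login and db_datareader user, then checks that the result is read-only. The names reporting_ro and YourDatabase and the password value are placeholders.

```sql
-- Added example. Run as a DBA. [reporting_ro] and [YourDatabase] are
-- placeholder names; replace the password placeholder with a generated secret.
USE [master];
GO
CREATE LOGIN [reporting_ro]
    WITH PASSWORD = N'<long-random-password>',
         CHECK_POLICY = ON,                 -- apply the Windows password policy
         DEFAULT_DATABASE = [YourDatabase];
GO

USE [YourDatabase];
GO
-- Map the login to a database user and grant read access through the role only.
CREATE USER [reporting_ro] FOR LOGIN [reporting_ro];
ALTER ROLE [db_datareader] ADD MEMBER [reporting_ro];
GO

-- Check 1: effective permissions while impersonating the new user.
-- Any column other than can_select returning 1 means more than read access.
EXECUTE AS USER = N'reporting_ro';
SELECT
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT')       AS can_select,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT')       AS can_insert,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'UPDATE')       AS can_update,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'DELETE')       AS can_delete,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'EXECUTE')      AS can_execute,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER')        AS can_alter,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') AS can_create_table;
REVERT;
GO

-- Check 2: role memberships. Review any role listed besides db_datareader.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'reporting_ro';

-- Check 3: permissions granted directly to the user. CREATE USER grants
-- CONNECT; any other row is an extra grant to review.
SELECT permission_name, state_desc, class_desc
FROM sys.database_permissions
WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID(N'reporting_ro');
GO
```

Logins are server-level objects, so when the connection targets an Always On readable secondary, the login must also exist on that instance with the same SID as on the primary.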
Reaching a server behind a firewall
Your AI employee runs in an isolated cloud container that, by default, can only reach the public internet — it has no route into your private network. A SQL Server that only listens on an internal address will be unreachable and the connection will time out.
The fix is a private tunnel. Set up Tailscale or a Cloudflare Tunnel on a machine that can already reach the server, then use the private hostname it provides as the host value here. Nothing else on your network is exposed.