# Managing database connections
                          
One of the most important functionalities of Dorieh data platform
is support for creating a data warehouse for storing an analysis of large
volumes of data. Moreover, Dorieh supports a rich set of in-database 
data transformations 
(see [Modelling data in Dorieh](Datamodels)). Dorieh assumes that the DBMS
used for data warehousing is an instance of  
[PostgreSQL](https://www.postgresql.org/docs/current/index.html)
version 13 or higher.

A preferred way to manage connections to a database is through a `.ini` file.

Such a file contains URIs and credentials for database connections and can store multiple
entries. These entries can be either in a clear text or a reference to a Vault or a Secret Manager.

Dorieh supports connection that require creating an ssh tunnel to connect to a host 
on the same network as the DBMS.

Below is an example of database connection file storing 3 different ways to connect to 
a database.

```ini
[mimic]
host=localhost
database=mimicii
user=postgres
password=*****

[nsaph2]
host=dorieh.platform.cluster.uni.edu
database=nsaph
user=dbuser
password=*********
ssh_user=johndoe

[dorieh]
database=dorieh
secret=aws:region=us-east-1:name=nsaph/public/dorieh/

```

The first connection uses a local instance of PostgreSQL containing a copy of
[MIMIC-III Clinical Database](https://physionet.org/content/mimiciii/1.4/).

The second connects to a database that is not accessible from a local machine.  
It is using an ssh tunnel to connect to a remote host that has direct access. 
The tunnel is defined by adding an `ssh_user` parameter.
In this example **johndoe** is a username for ssh while **dbuser** is a username for the database.
                                                
These options are appropriate for development and debugging, but are not secure enough for any 
production. The third connection uses
[AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)
to retrieve connection credentials. In this case security is provided by AWS.

> Note: in some cases it might be required to specify an 
> [AWS profile](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html)
> to be able to access the Secrets Manager. This is done by setting an environment variable.
> See the following example:

     export AWS_PROFILE=dorieh
                              
> defines that an AWS profile named `dorieh` will be used to retrieve credentials from
> the Secrets Manager.