Para conectarte a la base de datos desde direcciones IP fuera de tu organización de GDC Sandbox, sigue las instrucciones en Connect to DB para habilitar las conexiones externas.
Puedes usar sshuttle para conectarte a tu base de datos con un cliente de base de datos local, como psql:
Navega a la sección Connectivity de la página Database Service del clúster de bases de datos. En esta página, se incluye lo siguiente:
La contraseña de la cuenta de administrador (el nombre de usuario es dbsadmin)
Nombre de host y número de puerto del extremo principal del clúster de la base de datos
Un comando psql para conectarse al clúster (para clústeres de bases de datos de PostgreSQL y AlloyDB Omni)
Un vínculo para descargar el certificado de la autoridad certificadora (CA) del clúster de base de datos
Descarga el certificado de CA desde la consola de GDC en la sección Conectividad de la página Servicio de base de datos de tu clúster de base de datos.
Configura tu cliente para que use el certificado de la CA y verifique la base de datos. Para los clientes de psql, configura la variable de entorno PGSSLROOTCERT en la ruta del archivo de certificado y la variable de entorno PGSSLMODE según tus preferencias:
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[],[],null,["# Manage databases\n\nGDC Sandbox provides the Database Service to test and manage database\nclusters.\n\nTo create a database cluster, see\n[Choose a database engine type and create a database cluster](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#create).\n| **Note:** GDC Sandbox supports only PostgreSQL and AlloyDB databases.\n\nConnect to the Database\n-----------------------\n\nBy default, a database cluster only allows connection from within the user cluster and the same project.\n\nTo enable connections to all database clusters in your project from another project, see [Enable cross-project connections](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#cross_project_connections).\n\nTo connect to the database from IP addresses outside your GDC Sandbox organization, follow the instructions at [Connect to DB](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#connect) to enable the external connections.\n\nYou can use `sshuttle` to connect to your database with a local database client like `psql`:\n\n1. Navigate to the **Connectivity** section of the **Database Service** page for the database cluster. This page includes:\n\n - The password of the administrator account (the username is `dbsadmin`)\n - Hostname and port number of the database cluster's primary endpoint\n - A `psql` command for connecting to the cluster (for PostgreSQL and AlloyDB Omni database clusters)\n - A link to download the certificate authority (CA) certificate of the database cluster\n2. Download the CA certificate from the GDC console in the\n **Connectivity** section of the **Database Service** page for your\n database cluster.\n\n3. Configure your client to use the CA certificate to verify the database. For\n `psql` clients, set the `PGSSLROOTCERT` env variable to the path of the\n certificate file and the `PGSSLMODE` env variable to your preference:\n\n export PGSSLROOTCERT=\u003cvar translate=\"no\"\u003epath/to/\u003c/var\u003eaccounts_cert.pem\n export PGSSLMODE=\"verify-full\"\n\n4. Initiate a secure tunnel. If you have a running instance of `sshuttle` as described in [Connect to your instance](/distributed-cloud/sandbox/latest/connect), terminate that process.\n\n sshuttle -r zone1-org-1-data@\u003cvar translate=\"no\"\u003eGDC_SANDBOX_INSTANCE_NAME\u003c/var\u003e --no-latency-control \\\n --ssh-cmd 'gcloud compute ssh --project \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e --zone \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e --tunnel-through-iap' \\\n 10.200.0.0/16 --dns\n\n Replace the following with the values provided to you by the GDC Sandbox team:\n - \u003cvar translate=\"no\"\u003eGDC_SANDBOX_INSTANCE_NAME\u003c/var\u003e: the name of your GDC Sandbox instance.\n - \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e: the project containing your GDC Sandbox environment.\n - \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone containing your GDC Sandbox environment.\n5. While the tunnel is active, run the command using `psql` in a different terminal\n\n PGPASSWORD=\u003cvar translate=\"no\"\u003eDB_PASSWORD\u003c/var\u003e psql -h \u003cvar translate=\"no\"\u003eDB_HOSTNAME\u003c/var\u003e -p \u003cvar translate=\"no\"\u003ePORT\u003c/var\u003e -U \u003cvar translate=\"no\"\u003eUSERNAME\u003c/var\u003e -d postgres\n\n Replace the following variables:\n - \u003cvar translate=\"no\"\u003epath/to/\u003c/var\u003e: the path to the `accounts_cert.pem` certificate.\n - \u003cvar translate=\"no\"\u003eDB_PASSWORD\u003c/var\u003e: the password from the console UI.\n - \u003cvar translate=\"no\"\u003eDB_HOSTNAME\u003c/var\u003e: the database hostname from the console.\n - \u003cvar translate=\"no\"\u003eDB_PORT\u003c/var\u003e: the database port number from the console.\n - \u003cvar translate=\"no\"\u003eDB_USERNAME\u003c/var\u003e: the database username from the console."]]