Enabling Secure Database Access

Please note that this step is unecessary for Google BigQuery. BigQuery users can skip directly to database configuration.

Looker Hosted: Many companies prefer to use a Looker-hosted instance for the simplicity, ease of implementation, and reduced support costs. In this case, the data that passes between Looker and the database travels over the public Internet, on shared infrastructure. Consequently, it is important to ensure data security.

On-premise: Customers who are hosting their own Looker instance will likely be on the same, private network as their database. However, if that is not the case, please be sure to secure your data as well, perhaps using the types of options suggested below.

The options, from easiest to most difficult, are:

Option 1: IP Address Whitelist

The first step is to limit access to your data from the network layer. We recommend granting access to your database only from specific, trusted hosts.

All network traffic from Looker will come from one of the following IP addresses, based on the region where your Looker instance is hosted. By default this will be the United States. Please whitelist each of the IP addresses in the appropriate region listed below.

United States (default)




South America

Prohibiting traffic to your database, except from these and other trusted IP addresses, is an easy way to limit data access.

Option 2: SSL Encryption

A second option is to enable SSL encryption on your database. SSL prevents anyone from being able to intercept the data between Looker and your database.

You’ll first need to complete the IP address whitelist instructions above. Further instructions for SSL encryption are dialect specific, so links to SSL instructions are included in the Database Configuration section.

Option 3: SSH Tunnel

The third option you can use to protect your data is a SSH Tunnel. Using a tunnel provides an encrypted connection and extra authentication for enhanced security. Instructions for this option are provided here.

Next Step

After you have enabled secure database access you’re ready to configure your database for Looker.