
Sidecar components and communications

Q: What are the components of the Cyral sidecar, and what parts of my infrastructure do they communicate with?

A: The components of the Cyral sidecar are shown in the illustration below and explained in the text that follows.

[Figure: Sidecar components and systems they communicate with]



Communication Mechanisms


Intercepts client connections at network Layer 4

Handles TLS for client and data endpoint

TCP + mTLS with client and data endpoint

Unix Domain Sockets with Analyzer


Decodes data endpoint’s communication protocol

Parses request grammar

Analyzes requests

Monitors responses

In-memory library APIs with Policy Engine

gRPC with Authenticator and Alerter

Policy Engine

Evaluates requests and responses for policy violations

The policy engine contacts the Cyral control plane to load the latest policy. The sidecar sends non-sensitive reporting information to the Cyral control plane. For details, see


Validates users’ access tokens

Looks up SSO groups and maps to data endpoint accounts

Reads data endpoint account credentials from Vault

mTLS with Identity Provider and Vault


Sends policy violation alerts to configured messaging service

mTLS with messaging service

Logs Shipper

Sends logs to configured SIEM

mTLS with SIEM

Metrics Shipper

Sends metrics to configured APM

mTLS with APM
