c6o · georg · Jul 22, 2025 · Jul 22, 2025
diff --git a/docs/guides/credential-infusion.mdx b/docs/guides/credential-infusion.mdx
@@ -17,6 +17,42 @@ flowchart LR
   localDev[Local Postgres client]-->spaceagent
 ```
 
+## Setup Credential Infusion for MySQL
+
+1. Create a Kubernetes secret holding the database credentials in the codezero namespace. The secret name must match the hostname of the database.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test.cluster-cluyia0mwn9q.us-east-2.rds.amazonaws.com
+  namespace: codezero
+  annotations:
+    codezero.io/credentials-infusion-type: mysql
+    codezero.io/credentials-infusion-port: "3306" # optional, defaults to 3306
+type: Opaque
+stringData:
+  username: my-user
+  password: my-password
+```
+
+2. Consume `test.cluster-cluyia0mwn9q.us-east-2.rds.amazonaws.com` service via the Codezero desktop app or `czctl`
+
+```bash
+echo "test.cluster-cluyia0mwn9q.us-east-2.rds.amazonaws.com" | czctl consume apply
+```
+
+3. Use any mysql client in local development to connect to the database. E.g. with mysql client:
+
+```bash
+mysql -h test.cluster-cluyia0mwn9q.us-east-2.rds.amazonaws.com -u something -p --ssl-mode=DISABLED
+```
+
+:::note
+When using credential infusion for Mysql the connection must always have ssl mode disabled. The tunnel connection to the space agent will still be secured with TLS.
+:::
+
+
 ## Setup Credential Infusion for PostgreSQL
 
 1. Create a Kubernetes secret holding the database credentials in the codezero namespace. The secret name must match the hostname of the database.