Hyperdrive private database support improved UI docs (#19400)

* thomasgauvin: add changelog, changelog-next, updated docs for improved ui hoa experience

* thomasgauvin: fix date

* Update src/content/changelogs-next/2025-01-28-hyperdrive-automated-private-database-configuration.mdx

* Update src/content/changelogs-next/2025-01-28-hyperdrive-automated-private-database-configuration.mdx

* Update src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx

* Update src/content/docs/hyperdrive/configuration/connect-to-private-database.mdx

---------

Co-authored-by: Jun Lee <[email protected]>

Author: 2 people

src/assets/images/hyperdrive/configuration/hyperdrive-private-database-automatic-configuration.png

@@ -0,0 +1,17 @@
+---
+title: Automatic configuration for private databases on Hyperdrive
+description: Hyperdrive now automatically configures your Cloudflare Tunnel to connect to your private database.
+products:
+  - hyperdrive
+date: 2025-01-28T18:00:00Z
+---
+
+Hyperdrive now automatically configures your Cloudflare Tunnel to connect to your private database.
+
+![Automatic configuration of Cloudflare Access and Service Token in the Cloudflare dashboard for Hyperdrive.](~/assets/images/hyperdrive/configuration/hyperdrive-private-database-automatic-configuration.png)
+
+When creating a Hyperdrive configuration for a private database, you only need to provide your database credentials and set up a Cloudflare Tunnel within the private network where your database is accessible. Hyperdrive will automatically create the Cloudflare Access, Service Token, and Policies needed to secure and restrict your Cloudflare Tunnel to the Hyperdrive configuration.
+
+To create a Hyperdrive for a private database, you can follow the [Hyperdrive documentation](/hyperdrive/configuration/connect-to-private-database/). You can still manually create the Cloudflare Access, Service Token, and Policies if you prefer.
+
+This feature is available from the Cloudflare dashboard.

src/content/changelogs-next/2025-01-28-hyperdrive-automated-private-database-configuration.mdx

@@ -5,6 +5,14 @@ productLink: "/hyperdrive/"
 productArea: Developer platform
 productAreaLink: /workers/platform/changelog/platform/
 entries:
+  - publish_date: "2025-01-28"
+    title: Hyperdrive automatically configures your Cloudflare Tunnel to connect to your private database.
+    description: |-
+      When creating a Hyperdrive configuration for a private database, you only need to provide your database credentials and set up a Cloudflare Tunnel within the private network where your database is accessible.
+
+      Hyperdrive will automatically create the Cloudflare Access, Service Token and Policies needed to secure and restrict your Cloudflare Tunnel to the Hyperdrive configuration.
+
+      Refer to [documentation on how to configure Hyperdrive to connect to a private database](/hyperdrive/configuration/connect-to-private-database/).
   - publish_date: "2024-12-11"
     title: Hyperdrive now caches queries in all Cloudflare locations decreasing cache hit latency by up to 90%
     description: |-

src/content/changelogs/hyperdrive.yaml

@@ -58,7 +58,29 @@ Your tunnel must be configured to use a public hostname so that Hyperdrive can r
 If you are setting up the tunnel through the CLI instead ([locally-managed tunnel](/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/)), you will have to complete these steps manually. Follow the Cloudflare Zero Trust documentation to [add a public hostname to your tunnel](/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns/) and [configure the public hostname to route to the address of your database](/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/configuration-file/).
 :::
 
-## 2. Create a service token
+## 2. Create and configure Hyperdrive to connect to the Cloudflare Tunnel
+
+To restrict access to the Cloudflare Tunnel to Hyperdrive, a [Cloudflare Access application](/cloudflare-one/applications/) must be configured with a [Policy](/cloudflare-one/policies/) that requires requests to contain a valid [Service Auth token](/cloudflare-one/policies/access/#service-auth).
+
+The Cloudflare dashboard can automatically create and configure the underlying [Cloudflare Access application](/cloudflare-one/applications/), [Service Auth token](/cloudflare-one/policies/access/#service-auth), and [Policy](/cloudflare-one/policies/) on your behalf. Alternatively, you can manually create the Access application and configure the Policies.
+
+<Tabs> <TabItem label="Automatic creation">
+
+### 2.1 Create a Hyperdrive configuration in the Cloudflare dashboard
+
+Create a Hyperdrive configuration in the Cloudflare dashboard to automatically configure Hyperdrive to connect to your Cloudflare Tunnel.
+
+1. In the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers/hyperdrive), navigate to **Storage & Databases > Hyperdrive** and click **Create configuration**.
+2. Select **Private database**.
+3. In the **Networking details** section, select the tunnel you are connecting to.
+4. In the **Networking details** section, select the hostname associated to the tunnel. If there is no hostname for your database, return to step [1.2. Connect your database using a public hostname](/hyperdrive/configuration/connect-to-private-database/#12-connect-your-database-using-a-public-hostname).
+5. In the **Access Service Authentication Token** section, select **Create new (automatic)**.
+6. In the **Access Application** section, select **Create new (automatic)**.
+7. In the **Database connection details** section, enter the database **name**, **user**, and **password**.
+
+</TabItem>
+<TabItem label="Manual creation">
+### 2.1 Create a service token
 
 The service token will be used to restrict requests to the tunnel, and is needed for the next step.
 
@@ -78,7 +100,7 @@ The service token will be used to restrict requests to the tunnel, and is needed
    This is the only time Cloudflare Access will display the Client Secret. If you lose the Client Secret, you must regenerate the service token.
    :::
 
-## 3. Create an Access application to secure the tunnel
+### 2.2 Create an Access application to secure the tunnel
 
 [Cloudflare Access](/cloudflare-one/policies/access/) will be used to verify that requests to the tunnel originate from Hyperdrive using the service token created above.
 
@@ -116,7 +138,7 @@ The service token will be used to restrict requests to the tunnel, and is needed
 
 17. Save the application.
 
-## 4. Create a Hyperdrive configuration
+### 2.3 Create a Hyperdrive configuration
 
 To create a Hyperdrive configuration for your private database, you'll need to specify the Access application and Cloudflare Tunnel information upon creation.
 
@@ -158,7 +180,9 @@ In addition, it will also set the Access Client ID and the Access Client Secret
 When creating the Hyperdrive configuration for the private database, you must enter the `access-client-id` and the `access-client-id`, and omit the `port`. Hyperdrive will route database messages to the public hostname of the tunnel, and the tunnel will rely on its service configuration (as configured in [1.2. Connect your database using a public hostname](#12-connect-your-database-using-a-public-hostname)) to route requests to the database within your private network.
 :::
 
-## 5. Query your Hyperdrive configuration from a Worker (optional)
+</TabItem> </Tabs>
+
+## 3. Query your Hyperdrive configuration from a Worker (optional)
 
 To test your Hyperdrive configuration to the database using Cloudflare Tunnel and Access, use the Hyperdrive configuration ID in your Worker and deploy it.