Test and validate
To verify that your connections and configuration work properly, run MOLT Fetch in a staging environment before migrating any data in production. Use a test or development environment that closely resembles production.Configure the source database and connection
-
To prevent connections from terminating prematurely during the , set the following to high values on the source database:
-
Maximum allowed number of connections. MOLT Fetch can export data across multiple connections. The number of connections it will create is the number of shards () multiplied by the number of tables () being exported concurrently.
With the default numerical range sharding, only tables with types of , , or can be sharded. PostgreSQL users can enable to use statistics-based sharding for tables with primary keys of any data type. For details, refer to .
- Maximum lifetime of a connection.
-
Maximum allowed number of connections. MOLT Fetch can export data across multiple connections. The number of connections it will create is the number of shards () multiplied by the number of tables () being exported concurrently.
-
If a PostgreSQL database is set as a , ensure that
idle_in_transaction_session_timeouton PostgreSQL is either disabled or set to a value longer than the duration of the . Otherwise, the connection will be prematurely terminated. To estimate the time needed to export the PostgreSQL tables, you can perform a dry run and sum the value of for all exported tables.
Memory requirements
-
MOLT Fetch buffers data in memory before flushing to files or the target database, regardless of which you use. To prevent memory outages during , estimate the amount of memory used to export tables:
If you are exporting multiple tables concurrently (i.e., is set higher than
1), estimate the memory requirement using the table with the largest average row size. For details on how concurrency and sharding interact, refer to . Insufficient memory can cause degraded throughput, process crashes, or migration failures. To prevent memory issues:- Allocate enough memory for MOLT Fetch, based on the preceding formula.
- Adjust , , or if memory is constrained.
- Monitor memory utilization during the migration.
Optimize performance
-
To optimize data load performance, drop all non-
PRIMARY KEYand on the target CockroachDB database before migrating:- (you do not need to drop this constraint when using
drop-on-target-and-recreatefor )
You can recreate and after loading the data.Do not drop constraints. -
For PostgreSQL sources using , run
ANALYZEon source tables before migration to ensure optimal shard distribution. This is especially important for large tables where even distribution can significantly improve export performance. -
If a table in the source database is much larger than the other tables, in its own
molt fetchtask. Repeat this for each of the largest tables. Then export the remaining tables in another task. -
Ensure that the machine running MOLT Fetch is equipped to handle the amount of data being migrated. Fetch performance can sometimes be limited by available resources, but should always be making progress. To identify possible resource constraints, observe the
molt_fetch_rows_exportedfor decreases in the number of rows being processed. You can use the sample Grafana dashboard to view metrics. For details on optimizing export performance through sharding, refer to .
Docker performance
MOLT Fetch is likely to run more slowly in a Docker container than on a local machine. To improve performance, increase the memory or compute resources, or both, on your Docker container.Import and continuation handling
- When using during the to load tables into CockroachDB, if the fetch task terminates before the import job completes, the hanging import job on the target database will keep the table offline. To make this table accessible again, . Then resume
molt fetchusing , or restart the task from the beginning.
Security
Cockroach Labs strongly recommends the following security practices.Connection security
-
To keep your database credentials out of shell history and logs, follow these best practices when specifying your source and target connection strings:
- Avoid plaintext connection strings.
-
Provide your connection strings as environment variables. For example:
Afterward, reference the environment variables in MOLT commands:
- If possible, use an external secrets manager to load the environment variables from stored secrets.
-
Use TLS-enabled connection strings to encrypt data in transit from MOLT to the database. When using TLS certificates, ensure certificate files are accessible to the MOLT binary on the same machine.
For example, a PostgreSQL connection string with TLS certificates:
-
URL-encode connection strings for the source database and so special characters in passwords are handled correctly.
-
Given a password
a$52&, pass it to themolt escape-passwordcommand with single quotes:Use the encoded password in your connection string. For example:
-
Given a password
-
Remove
sslmode=disablefrom production connection strings.
By default, insecure connections (i.e.,
sslmode=disable on PostgreSQL; sslmode not set on MySQL) are disallowed. When using an insecure connection, molt fetch returns an error. To override this check, you can enable the flag. Do this only when testing, or if a secure SSL/TLS connection to the source or target database is not possible.Cloud storage security
Ensure that access control is properly configured for Amazon S3, Google Cloud Storage, or Azure Blob Storage.- S3
- GCS
- Azure
Amazon S3
-
Set the following environment variables in the terminal running
molt fetch:-
To run
molt fetchin a containerized environment (e.g., Docker), pass the required environment variables using-e. If your authentication method relies on local credential files, you may also need to volume map the host path to the appropriate location inside the container using-v. For example:
-
To run
-
Alternatively, set
--use-implicit-authto use . When using assume role authentication, specify the service account with--assume-role. For example: -
Set
--import-regionto specify anAWS_REGION(e.g.,--import-region 'ap-south-1'). - Ensure the S3 bucket is created and accessible by authorized roles and users only.

