Google Cloud SQL SSL Cert

This page shows how to write Terraform for Cloud SQL SSL Cert and write them securely.

google_sql_ssl_cert (Terraform)

The SSL Cert in Cloud SQL can be configured in Terraform with the resource name google_sql_ssl_cert. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L5
resource "google_sql_ssl_cert" "certificate" {
  count       = var.enable_tls ? 1 : 0

  provider = google

  common_name = var.common_name
main.tf#L7
resource "google_sql_ssl_cert" "this" {
  common_name = var.common_name
  instance    = var.instance
  project     = var.project

  dynamic "timeouts" {
main.tf#L25
resource "google_sql_ssl_cert" "client_cert" {
  provider    = "google-beta"
  common_name = var.common_name
  instance    = var.database_instance_name
}
main.tf#L26
resource "google_sql_ssl_cert" "client_cert" {
  provider    = google-beta
  common_name = var.common_name
  instance    = var.database_instance_name
}
database.tf#L22
resource "google_sql_ssl_cert" "client_cert" {
  common_name = "client-ssl"
  instance    = google_sql_database_instance.master.name

Parameters

  • cert requiredcomputed - string
    • The actual certificate data for this client certificate.

  • cert_serial_number requiredcomputed - string
    • The serial number extracted from the certificate data.

  • common_name required - string
    • The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.

  • create_time requiredcomputed - string
    • The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.

  • expiration_time requiredcomputed - string
    • The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.

  • id optionalcomputed - string
  • instance required - string
    • The name of the Cloud SQL instance. Changing this forces a new resource to be created.

  • private_key requiredcomputed - string
    • The private key associated with the client certificate.

  • project optionalcomputed - string
    • The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • server_ca_cert requiredcomputed - string
    • The CA cert of the server this client cert was generated from.

  • sha1_fingerprint requiredcomputed - string
    • The SHA1 Fingerprint of the certificate.

Explanation in Terraform Registry

Creates a new Google SQL SSL Cert on a Google SQL Instance. For more information, see the official documentation, or the JSON API.

Note: All arguments including the private key will be stored in the raw state as plain-text. Read more about sensitive data in state.

Frequently asked questions

What is Google Cloud SQL SSL Cert?

Google Cloud SQL SSL Cert is a resource for Cloud SQL of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Cloud SQL SSL Cert?

For Terraform, the UpperGit/terraform-gcp, niveklabs/google and Maxar-Corp/terraform-google-sql source code examples are useful. See the Terraform Example section for further details.

security-icon

Scan your IaC problem in 3 minutes for free

You can keep your IaC security for free. No credit card required.