Google Cloud SQL SSL Cert
This page shows how to write Terraform for Cloud SQL SSL Cert resources and how to configure them securely.
google_sql_ssl_cert (Terraform)
The SSL Cert in Cloud SQL can be configured in Terraform with the resource name google_sql_ssl_cert. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_sql_ssl_cert" "certificate" {
  count       = var.enable_tls ? 1 : 0
  provider    = google
  common_name = var.common_name
  # ... (excerpt truncated in the source; the required instance argument is not shown)
}

resource "google_sql_ssl_cert" "this" {
  common_name = var.common_name
  instance    = var.instance
  project     = var.project

  dynamic "timeouts" {
    # ... (excerpt truncated in the source; for_each and content are not shown)
  }
}

resource "google_sql_ssl_cert" "client_cert" {
  # Quoted provider reference is the legacy form; current Terraform expects it unquoted.
  provider    = "google-beta"
  common_name = var.common_name
  instance    = var.database_instance_name
}

resource "google_sql_ssl_cert" "client_cert" {
  provider    = google-beta
  common_name = var.common_name
  instance    = var.database_instance_name
}

resource "google_sql_ssl_cert" "client_cert" {
  common_name = "client-ssl"
  instance    = google_sql_database_instance.master.name
}
Parameters
- cert
  optional computed - string
  The actual certificate data for this client certificate.
- cert_serial_number
  optional computed - string
  The serial number extracted from the certificate data.
- common_name
  required - string
  The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
- create_time
  optional computed - string
  The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
- expiration_time
  optional computed - string
  The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
- instance
  required - string
  The name of the Cloud SQL instance. Changing this forces a new resource to be created.
- private_key
  optional computed - string
  The private key associated with the client certificate.
- project
  optional computed - string
  The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- server_ca_cert
  optional computed - string
  The CA cert of the server this client cert was generated from.
- sha1_fingerprint
  optional computed - string
  The SHA1 Fingerprint of the certificate.
Explanation in Terraform Registry
Creates a new Google SQL SSL Cert on a Google SQL Instance. For more information, see the official documentation, or the JSON API.
Note: All arguments including the private key will be stored in the raw state as plain-text. Read more about sensitive data in state.
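Because of the note above, anyone who can read the state file can read the client key. The following Python audit is an added example, not code from the Terraform Registry or from the repositories this page cites. It scans a Terraform state for google_sql_ssl_cert entries and reports whether private_key is present and how close expiration_time is. The sample state, the instance name and the 30-day warn_days threshold are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: trimmed state (format version 4); the key is a placeholder.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [{
        "mode": "managed",
        "type": "google_sql_ssl_cert",
        "name": "client_cert",
        "instances": [{"attributes": {
            "common_name": "client-ssl",
            "instance": "example-instance",
            "expiration_time": "2012-11-15T16:19:00.094Z",
            "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
        }}],
    }],
})


def parse_rfc3339(value):
    """Parse the UTC ('Z' suffix) RFC 3339 form shown in the parameter docs."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def audit_state(state_text, now, warn_days=30):
    """Return one finding dict per google_sql_ssl_cert instance in the state."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "google_sql_ssl_cert":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            expires = attrs.get("expiration_time")
            days_left = (parse_rfc3339(expires) - now).days if expires else None
            findings.append({
                "address": f'{res["type"]}.{res["name"]}',
                # True: the key is readable by anyone who can read this state.
                "private_key_in_state": bool(attrs.get("private_key")),
                "days_left": days_left,
                "expiring": days_left is not None and days_left < warn_days,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_state(SAMPLE_STATE, datetime.now(timezone.utc)):
        print(finding)
```

A finding with private_key_in_state set to True is the expected result for this resource, so treat the output as an inventory of which state files need restricted access and encryption at rest.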
Tips: Best Practices for The Other Google Cloud SQL Resources
In addition to the google_sql_database_instance, Google Cloud SQL has other resources that should be configured for security reasons. Please check the examples and precautions for those resources.
google_sql_database_instance
Ensure the local_infile setting is disabled in MySQL
It is better to disable the local_infile setting in MySQL. If this is not disabled, arbitrary files might be readable.
Frequently asked questions
What is Google Cloud SQL SSL Cert?
Google Cloud SQL SSL Cert is a resource for Cloud SQL of Google Cloud Platform. Settings can be written in Terraform.
Where can I find the example code for the Google Cloud SQL SSL Cert?
For Terraform, the UpperGit/terraform-gcp, niveklabs/google and Maxar-Corp/terraform-google-sql source code examples are useful. See the Terraform Example section for further details.