Google Cloud SQL SSL Cert

This page shows how to write Terraform for Cloud SQL SSL Cert and how to write it securely.

google_sql_ssl_cert (Terraform)

The SSL Cert in Cloud SQL can be configured in Terraform with the resource name google_sql_ssl_cert. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L5

resource "google_sql_ssl_cert" "certificate" {
  count       = var.enable_tls ? 1 : 0

  provider = google

  common_name = var.common_name

main.tf#L7

resource "google_sql_ssl_cert" "this" {
  common_name = var.common_name
  instance    = var.instance
  project     = var.project

  dynamic "timeouts" {

main.tf#L25

resource "google_sql_ssl_cert" "client_cert" {
  provider    = "google-beta"
  common_name = var.common_name
  instance    = var.database_instance_name
}

main.tf#L26

resource "google_sql_ssl_cert" "client_cert" {
  provider    = google-beta
  common_name = var.common_name
  instance    = var.database_instance_name
}

database.tf#L22

resource "google_sql_ssl_cert" "client_cert" {
  common_name = "client-ssl"
  instance    = google_sql_database_instance.master.name

Parameters

  • cert optional computed - string

The actual certificate data for this client certificate.

  • cert_serial_number

The serial number extracted from the certificate data.

  • common_name

The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.

  • create_time

The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.

  • expiration_time

The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.

  • instance

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

  • private_key

The private key associated with the client certificate.

  • project

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • server_ca_cert

The CA cert of the server this client cert was generated from.

  • sha1_fingerprint

The SHA1 Fingerprint of the certificate.

Explanation in Terraform Registry

Creates a new Google SQL SSL Cert on a Google SQL Instance. For more information, see the official documentation, or the JSON API.

Note: All arguments including the private key will be stored in the raw state as plain-text. Read more about sensitive data in state.
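Because of the note above, a configuration that issues a client certificate should keep its state in an access-controlled remote backend and mark the key output as sensitive. The following is an added example, not code from the Terraform Registry or from the GitHub projects quoted on this page; the bucket name, prefix, variable names and output names are placeholders chosen for illustration.

```hcl
terraform {
  # The state file contains private_key in plain text, so store it in a
  # remote bucket whose IAM is restricted to the people and pipelines that
  # run Terraform, not in a local file or in version control.
  backend "gcs" {
    bucket = "example-tf-state-bucket" # placeholder bucket name
    prefix = "cloudsql/client-cert"    # placeholder state path
  }
}

variable "instance" {
  type        = string
  description = "Name of the existing Cloud SQL instance (assumed to exist)"
}

variable "project" {
  type        = string
  description = "Project ID that owns the instance"
}

resource "google_sql_ssl_cert" "client_cert" {
  common_name = "client-ssl"
  instance    = var.instance
  project     = var.project
}

# Public material: safe to show in plan and apply output.
output "client_cert" {
  value = google_sql_ssl_cert.client_cert.cert
}

output "server_ca_cert" {
  value = google_sql_ssl_cert.client_cert.server_ca_cert
}

# Export the expiry so certificate rotation can be tracked.
output "client_cert_expiration_time" {
  value = google_sql_ssl_cert.client_cert.expiration_time
}

# sensitive = true redacts the key in CLI output only; the value is still
# written to state, which is why the backend above must be locked down.
output "client_private_key" {
  value     = google_sql_ssl_cert.client_cert.private_key
  sensitive = true
}
```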

Tips: Best Practices for The Other Google Cloud SQL Resources

In addition to the google_sql_database_instance, Google Cloud SQL has other resources that should be configured for security reasons. Check the examples and precautions for those resources below.

google_sql_database_instance

Ensure the local_infile setting is disabled in MySQL

It is better to disable the local_infile setting in MySQL. If this is not disabled, arbitrary files might be readable.

Frequently asked questions

What is Google Cloud SQL SSL Cert?

Google Cloud SQL SSL Cert is a resource for Cloud SQL of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google Cloud SQL SSL Cert?

For Terraform, the UpperGit/terraform-gcp, niveklabs/google and Maxar-Corp/terraform-google-sql source code examples are useful. See the Terraform Example section for further details.