Like any network-aware service, SQL database connections need to be protected on the wire. If the database connection is unencrypted, a man-in-the-middle attack may allow an attacker to retrieve and tamper with SQL queries and data. The risk is highest for databases that allow Internet-located IP addresses to connect. A successful attack can lead to data compromise.
Log in to the Google Cloud console and navigate to Cloud SQL Instances (https://console.cloud.google.com/sql/instances).
Click on the name of the instance for which encrypted connections are to be enabled.
In the left-side panel, select Connections, then click on the Security tab.
In the SSL connections section, click Allow only SSL connections.
Under Manage server certificates, click Create new certificate.
Under Manage client certificates, click Create client certificate.
gcloud sql instances patch <INSTANCE_NAME> --require-ssl
Note: RESTART is required for MySQL Generation 1 instances (backendType: FIRST_GEN) for this configuration to take effect.
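To find which instances still need the change, the following added example (not part of the original guidance) audits instance metadata shaped like the output of gcloud sql instances list --format=json. The instance names and networks in the sample are constructed, and treating a missing requireSsl field as "not enforced" is an assumption of this check.

```python
import json

# Constructed sample shaped like `gcloud sql instances list --format=json` output.
SAMPLE = json.loads("""
[
  {"name": "orders-db", "backendType": "SECOND_GEN",
   "settings": {"ipConfiguration": {"requireSsl": true,
     "authorizedNetworks": [{"value": "203.0.113.0/24"}]}}},
  {"name": "legacy-db", "backendType": "FIRST_GEN",
   "settings": {"ipConfiguration": {"requireSsl": false,
     "authorizedNetworks": [{"value": "0.0.0.0/0"}]}}},
  {"name": "reports-db", "backendType": "SECOND_GEN",
   "settings": {"ipConfiguration": {}}}
]
""")


def audit_require_ssl(instances):
    """Return one finding per instance that still accepts unencrypted connections."""
    findings = []
    for inst in instances:
        ip_cfg = inst.get("settings", {}).get("ipConfiguration", {})
        # Assumption: an absent requireSsl field is treated as not enforced.
        if ip_cfg.get("requireSsl") is True:
            continue
        networks = [n.get("value") for n in ip_cfg.get("authorizedNetworks", [])]
        findings.append({
            "name": inst["name"],
            # Any Internet address may connect: the highest-risk case above.
            "internet_exposed": "0.0.0.0/0" in networks,
            # MySQL First Generation needs a restart for the setting to apply.
            "needs_restart": inst.get("backendType") == "FIRST_GEN",
            # Remediation command taken from the guidance above.
            "fix": f"gcloud sql instances patch {inst['name']} --require-ssl",
        })
    # Stable sort: Internet-exposed instances are reported first.
    return sorted(findings, key=lambda f: not f["internet_exposed"])


if __name__ == "__main__":
    for finding in audit_require_ssl(SAMPLE):
        print(finding)
```

Feed it live data by replacing SAMPLE with the parsed JSON from your own project.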