gcp cloud sql ssl - ghdrako/doc_snipets GitHub Wiki
- https://cloud.google.com/sql/docs/postgres/configure-ssl-instance
- https://github.com/hashicorp/terraform-provider-google/issues/17443
resource "google_sql_database_instance" "postgres_instance" {
(...)
settings {
tier = "db-custom-2-7680"
ip_configuration {
# this should be value of "ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY" or "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
sslMode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
}
}
}
In clinet
The default sslmode is the require(theoretically),
however you can define the followings:
“require” (default), “verify-full”, “verify-ca”, and “disable”
So the configuration should be similar like this:
backend “pg” {
conn_str =
"postgres://<username>:<password>@<pqdn or IP>/<database:name>?sslmode=require"
}