In addition to Pia's response:
1. Currently, I cannot share any road-map of the AES-256 encryption support for Cloud SQL Proxy. However, I would suggest you to open a feature request using Google Cloud issue tracker.
-- 1. Currently, I cannot share any road-map of the AES-256 encryption support for Cloud SQL Proxy. However, I would suggest you to open a feature request using Google Cloud issue tracker.
2. As per the documentation, Cloud SQL proxy automatically encrypts traffic to and from the database using TLS. You can refer to this document link for information on how Cloud SQL Proxy works.
3. Provided credentials for the Cloud SQL Proxy authenticates the Cloud SQL proxy which enables it to access GCP on behalf of the application, using set of provided Google credentials and this is different from database user authentication. Check this documentation links [1] [2] for more information.
3. Provided credentials for the Cloud SQL Proxy authenticates the Cloud SQL proxy which enables it to access GCP on behalf of the application, using set of provided Google credentials and this is different from database user authentication. Check this documentation links [1] [2] for more information.
4. You do not needs to create a separate Cloud SQL Proxy process to set up a connection to the Cloud SQL. As per documentation, "In general, you should run one proxy client process per workstation or virtual machine." You can connect to the multiple Cloud SQL instances using same Cloud SQL proxy client.
On Friday, July 6, 2018 at 12:26:59 PM UTC-4, Pia Chamberlain wrote:
On Friday, July 6, 2018 at 12:26:59 PM UTC-4, Pia Chamberlain wrote:
Greetings,2) The proxy provides TLS encryption.3) Correct.4) You can connect to multiple instances with the same Proxy client.https://cloud.google.com/sql/docs/mysql/sql-proxy#multiple- instances
On Tuesday, July 3, 2018 at 9:01:27 AM UTC-7, Shubhanan Bakre wrote:We had the following queries regarding the proxy:1) Proxy client encrypts traffic to the Proxy server using AES128 and NOT AES256. Any plans to support AES 256 in near future?
2) Per documentation, TLS tunnel can be established for Authorized IPs. Can it be established for CloudSQL Proxy too?
3) In Cloud Proxy scenario, the "service key" is "only" allowing communication to the Cloud SQL instance. It is NOT used to access to actual data in tables. User/password credentials at database-level are still required to get access to the data in the database.
4) Can we have multiple Proxy clients(one per CloudSQL instance) per VM? Or is it recommended to have a one Proxy Client (for each CloudSQL instance) per VM?Thanks!
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/690d1e12-053d-42f6-9a79-7cb36bd7388a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment