Monday, March 1, 2021

[google-cloud-sql-discuss] Re: How to verify Cloud SQL Proxy connections are encrypted?

Hello Ruban,


I understand that you would like to verify for yourself that the connection between the Cloud SQL Proxy and your Cloud SQL instance is secure. Security is high on the list of many people these days and asking questions about it is a good habit.


I reached out to the Networking Specialists to provide some details about what you're looking for and was able to get some information that I'd like to share with you.


I looked at your question and saw that you are using a local machine. For the local machine, which I assume is a Compute Virtual Machine, the encryption is handled by default GCP encryption because it is within the Google Cloud. This level of encryption cannot be observed. This is the case from Google Cloud to the Cloud SQL proxy.


The part from the Cloud SQL Proxy to the Cloud SQL instance is taken care of by a built-in feature of Cloud SQL Proxy.


I hope this helps and if you have further questions, please reply.



On Monday, March 1, 2021 at 12:44:43 PM UTC-5 ruban...@gmail.com wrote:
I'm currently connecting via GCE with Cloud SQL Proxy from my local machine.
From what I can understand, even if SSL is not used (server/client certs with SSLMode etc), the connection is encrypted as per the documentation (https://cloud.google.com/sql/docs/postgres/connect-admin-proxy#connect-tcp).

How can I confirm this?
If I'm connecting locally to the GCE with Cloud SQL Proxy something like this:
psql "host=127.0.0.1 sslmode=disable dbname=DB_NAME user=USERNAME"

I have tried to verify in the Postgres backend:
SELECT datname, usename, ssl, client_addr FROM pg_stat_ssl JOIN pg_stat_activity ON pg_stat_ssl.pid = pg_stat_activity.pid;

But it says SSL is false so I assume that's not the correct way to confirm this.
How can I confirm the connections are encrypted by default as documented?

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/1a087a51-bfad-4ad0-9484-af81b6175d51n%40googlegroups.com.
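
Added example, not part of the original thread: one way to see what is actually on the wire is to take the first client payload of each TCP leg from a packet capture and check whether it is a TLS ClientHello or a cleartext PostgreSQL StartupMessage. The function names are hypothetical and the sample payloads are constructed rather than captured; the loopback sample models the `sslmode=disable` psql command from the question.

```python
import struct

SSL_REQUEST_CODE = 80877103   # PostgreSQL SSLRequest code: (1234 << 16) | 5679
PROTOCOL_V3 = 196608          # PostgreSQL protocol 3.0: 3 << 16

def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server payload of a TCP stream."""
    # TLS handshake record: type 0x16, version major 0x03, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] == 0x01):
        return "tls-client-hello"
    if len(payload) >= 8:
        length, code = struct.unpack("!II", payload[:8])
        if length == 8 and code == SSL_REQUEST_CODE:
            return "postgres-sslrequest"   # client asks to upgrade to TLS
        if code == PROTOCOL_V3 and 8 < length <= len(payload):
            return "postgres-cleartext"    # StartupMessage sent in the clear
    return "unknown"

def startup_params(payload: bytes) -> dict:
    """Return the key/value pairs readable in a cleartext StartupMessage."""
    if classify_first_payload(payload) != "postgres-cleartext":
        return {}
    length = struct.unpack("!I", payload[:4])[0]
    fields = payload[8:length].split(b"\x00")
    params = {}
    for i in range(0, len(fields) - 1, 2):
        if not fields[i]:                  # empty key terminates the list
            break
        params[fields[i].decode()] = fields[i + 1].decode()
    return params

def build_startup(**params) -> bytes:
    """Build a protocol 3.0 StartupMessage (used only to make sample input)."""
    body = struct.pack("!I", PROTOCOL_V3)
    for key, value in params.items():
        body += key.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"
    return struct.pack("!I", len(body) + 4) + body

# Constructed samples, not captured traffic.
LOOPBACK_LEG = build_startup(user="USERNAME", database="DB_NAME")
SSLREQUEST = struct.pack("!II", 8, SSL_REQUEST_CODE)
# Truncated TLS record: header 16 03 01 00 05, then a ClientHello handshake type.
TLS_LEG = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
```

A `postgres-cleartext` result on a leg that leaves the host means the user and database names are readable to anyone on the path; a `tls-client-hello` result shows only that a TLS handshake starts, so certificate and cipher details still need to be checked separately.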
