As noted in the documentation <https://cloud.google.com/sql/docs/mysql/configure-ssl-instance>, connections that are made using the Cloud SQL Proxy or from App Engine are already encrypted by default whether you configure SSL for the instance or not. So you do not require an SSL cert in these cases.
If your Cloud SQL instance is in the same project as the App Engine app that is making the connection, your App Engine application is already authorized to access the SQL instance. Therefore you do not need to authorize any additional networks or IPs. If you are connecting to a Cloud SQL instance located in a different project, you will need to authorize the App Engine app <https://cloud.google.com/appengine/docs/flexible/nodejs/using-cloud-sql#granting_access_to_gae_name_short> . Alternatively, you can force Only SSL connections to your instance (regardless of IP address), by following the SSL guide <https://cloud.google.com/appengine/docs/flexible/dotnet/using-cloud-sql#create_a_user_and_configure_ssl_access_to_the_cloud_sql_instance>. Just make sure you supply the location of your SSL cert and key <https://cloud.google.com/sql/docs/mysql/connect-docker#connecting_a_db_client_client_using_the_proxy_docker_image> in your Dockerfile similar to how it is done again in Kubernetes <https://github.com/GoogleCloudPlatform/cloudsql-proxy/blob/49547a70aaf92cd61374e845c2cc516c41e900f3/Kubernetes.md#creating-the-cloud-slq-proxy-deployment> so that the proxy starts with the SSL configuration. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/30781175-c024-448d-a2cb-079a59a6c9e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
