SQL database instances should require incoming connections to use SSL
Description
SQL database instances supporting plaintext connections are susceptible to man-in-the-middle attacks that can reveal sensitive data like credentials, queries, and datasets. It is therefore recommended to always use SSL encryption for database connections.
Remediation Steps
Google Cloud Console
1. Navigate to Cloud SQL instances.
2. Click on the Cloud SQL database instance name to go to the Overview page.
3. Click Connections in the left navigation pane.
4. Scroll down to the Security section.
5. Check the Allow only SSL connections box.
gcloud CLI
Enable the require-ssl flag for each Cloud SQL database instance:

    gcloud sql instances patch INSTANCE_NAME --require-ssl
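
To find which instances in a project still need the flag, the following added example (not part of the original page) audits the instance list and patches only the non-compliant ones. It assumes the setting appears as settings.ipConfiguration.requireSsl in the gcloud list output and is printed as True/False; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Cloud SQL instances for the require-ssl setting.
# Assumption: `gcloud sql instances list` exposes the setting as
# settings.ipConfiguration.requireSsl and value() prints it as True/False.

TAB=$(printf '\t')

# Constructed sample of "name<TAB>requireSsl" rows (not real instances).
# reporting-db has no value at all, as when the field was never set.
SAMPLE=$(printf 'prod-pg\tTrue\nlegacy-mysql\tFalse\nreporting-db\t')

# Read "name<TAB>requireSsl" rows on stdin and print each instance that does
# not explicitly require SSL. A missing value is treated as non-compliant.
filter_noncompliant() {
  while IFS="$TAB" read -r name require_ssl; do
    [ -n "$name" ] || continue
    case "$require_ssl" in
      True|true) ;;                      # compliant, print nothing
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# List non-compliant instances in a project (needs an authenticated gcloud).
list_noncompliant() {
  gcloud sql instances list --project "$1" \
    --format='value(name,settings.ipConfiguration.requireSsl)' |
    filter_noncompliant
}

# Dry run by default; pass --apply as the second argument to patch.
remediate() {
  list_noncompliant "$1" | while read -r instance; do
    if [ "${2:-}" = "--apply" ]; then
      # </dev/null keeps gcloud from consuming the remaining instance names.
      gcloud sql instances patch "$instance" --project "$1" \
        --require-ssl --quiet </dev/null
    else
      printf 'would patch: %s\n' "$instance"
    fi
  done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | filter_noncompliant
```

Run `remediate PROJECT_ID` first to review the dry-run list, then `remediate PROJECT_ID --apply` to patch the listed instances.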