Introduction
Recently I have received many requests from our data team to export all kinds of data from a CloudSQL database. Since I don’t want to become a bottleneck, it’s best to provide them with a shared READ-ONLY account. This way they can explore the data freely themselves with a SQL client.
Prerequisite
I am assuming that you have:
- A running CloudSQL instance (Postgres) with a public IP
- Permission on GCP to edit the database instance
- A database user account that has permission to create new users (Optional unless you need to create new accounts)
Step One
Follow the instructions in the documentation to download the certificates and allow only SSL/TLS access for security purposes: https://cloud.google.com/sql/docs/postgres/configure-ssl-instance
After this step you should have 3 files on hand:
- A server certificate saved as server-ca.pem
- A client public key certificate saved as client-cert.pem
- A client private key saved as client-key.pem
Important:
For client-key.pem, run the following command to restrict its permissions. Otherwise you will get an error complaining that the permissions on the private key are too open.
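An added example, not from the original post: libpq-based clients such as psql reject a client private key that has any group or world permission bits set, so this script checks the mode of client-key.pem and tightens it to 600 when needed. The function names are made up for illustration, and it assumes the key is owned by the user who runs the SQL client.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of a client private key
# before handing it to a libpq-based client such as psql.

# Print the octal permission mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when the key has no group or world bits set, 1 when it does,
# 2 when the mode cannot be read.
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check the key and restrict it to owner read/write if it is too open.
harden_key() {
    key=$1
    [ -f "$key" ] || { echo "missing key file: $key" >&2; return 2; }
    if key_mode_ok "$key"; then
        echo "ok: $key has mode $(file_mode "$key")"
    else
        echo "too open: $key has mode $(file_mode "$key"), setting 600" >&2
        chmod 600 "$key"
    fi
}

# When called with a path (e.g. ./check-key.sh client-key.pem), harden that file.
if [ "$#" -gt 0 ]; then
    harden_key "$1"
fi
```
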