Skip to content

googleSqlSslCert

Creates a new Google SQL SSL Cert on a Google SQL Instance. For more information, see the official documentation, or the JSON API.

\~> Note: All arguments including the private key will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage

Example creating a SQL Client Certificate.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
import * as random from "./.gen/providers/random";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google, random.
For a more precise conversion please use the --provider flag in convert.*/
const randomIdDbNameSuffix = new random.id.Id(this, "db_name_suffix", {
  byte_length: 4,
});
const googleSqlDatabaseInstanceMain =
  new google.sqlDatabaseInstance.SqlDatabaseInstance(this, "main", {
    database_version: "MYSQL_5_7",
    name: `main-instance-\${${randomIdDbNameSuffix.hex}}`,
    settings: [
      {
        tier: "db-f1-micro",
      },
    ],
  });
new google.sqlSslCert.SqlSslCert(this, "client_cert", {
  common_name: "client-name",
  instance: googleSqlDatabaseInstanceMain.name,
});

Argument Reference

The following arguments are supported:

  • instance - (Required) The name of the Cloud SQL instance. Changing this forces a new resource to be created.

  • commonName - (Required) The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • sha1Fingerprint - The SHA1 Fingerprint of the certificate.
  • privateKey - The private key associated with the client certificate.
  • serverCaCert - The CA cert of the server this client cert was generated from.
  • cert - The actual certificate data for this client certificate.
  • certSerialNumber - The serial number extracted from the certificate data.
  • createTime - The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
  • expirationTime - The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.

Timeouts

This resource provides the following Timeouts configuration options: configuration options:

  • create - Default is 10 minutes.
  • delete - Default is 10 minutes.

Import

Since the contents of the certificate cannot be accessed after its creation, this resource cannot be imported.