Cloud SQL

Cloud SQL is managed MySQL, PostgreSQL, and SQL Server. Cloud SQL automates backups, replication, and failover to ensure your database is reliable, highly available.

Cloud SQL has automatic data encryption at rest and in transit. Private connectivity with Virtual Private Cloud (VPC) and user-controlled network access that includes firewall protection. Compliant with SSAE 16, ISO 27001, PCI DSS v3.0, and HIPAA

Cloud SQL Instance

Enable API

gcloud services enable

Create an Instance

Create a new Cloud SQL - MySQL Instance.

gcloud sql instances create mysql-instance \
  --database-version=MYSQL_5_7 \
  --region=us-central1 \
  --cpu=2 \
  --memory=4G \
  --root-password=[CHOOSE A PASSWORD]

Create a Database

Create a new database inside of the MySQL database instance.

gcloud sql databases create orders --instance=mysql-instance

Connect to Database instance

By default, every database instance has a public IP address. However, the instance is not publicly accessible because it's protected by the firewall.

To easily connect to the database instance from command line:

You need the MySQL client installed locally first, so that you can use mysql to connect to any MySQL server.

Connect to the MySQL instance using gcloud CLI.

gcloud sql connect mysql-instance

You can configure Cloud SQL instances to only have private IP addresses, so that it's only accessible from a Virtual Private Cloud network.

Create a Table

From the command line connection, you can use the client to create a table for the corresponding database. For example:

# Change to orders database
USE orders;

CREATE TABLE order_items (
  order_id BIGINT,
  description VARCHAR(255),
  quantity INT DEFAULT 1

  description VARCHAR(255),
  creation_timestamp TIMESTAMP

ALTER TABLE order_items ADD FOREIGN KEY (order_id) REFERENCES orders (id);

Add a User

You can add a user using gcloud command line:

Use gcloud command line to create a new user:

gcloud sql users create order-user
  --instance=mysql-instance \

The new user has no privileges. Connect to the database server and grant privileges. Refer to MySQL documentation to use GRANT.

Instance Connection Name

Every Cloud SQL Instance has a unique instance connection name for the form of PROJECT_ID:REGION:INSTANCE_NAME.

Find the Instance Connection Name using gcloud command line:

gcloud sql instances describe INSTANCE_NAME --format='value(connectionName)'

MySQL instance's Instance Connection Name

gcloud sql instances describe mysql-instance \


There are different ways to connect to a Cloud SQL instance. All methods will configure a JDBC URL to allow you to use the corresponding JDBC Driver, and subsequently, JPA / Hibernate and Spring Data.




SQL Server


Cloud SQL Starter


Easy to configure for Spring Boot projects.

Cloud SQL Socket Factory


Works with non Spring Boot projects.

Cloud SQL Proxy

Offloads authentication to proxy.

VPC Private IP

Access via VPC. Can be used with all of the other methods above.

Cloud SQL Starter

When using Spring Boot, you can use Spring Cloud GCP's Cloud SQL starter.

Cloud SQL starter will automatically:

  • Add dependency to the corresponding JDBC driver, and the Cloud SQL socket factory. You do not need to add those dependency separately.

  • Configure the JDBC URL for the corresponding database instance.


Add the Cloud SQL Starter dependency:




dependencies {
    compile group: '', name: 'spring-cloud-gcp-starter-sql-mysql'


Configure Spring Boot application' with Instance Connection Name and the database name:
# Retrieve instance connection name from the previous step

# Cloud SQL starter automatically configures the JDBC URL

# Configure username/password

# Configure connection pooling if needed


Cloud SQL Socket Factory

If you don't use Spring Cloud GCP's Cloud SQL starter, and need to configure JDBC URL directly, you can use Cloud SQL Socket Factory with existing JDBC driver.


In addition to the JDBC Driver dependency, add the Cloud SQL Socket Factory dependency:




dependencies {
    compile ''

Different MySQL Socket Factory artifact is needed for different MySQL Connector/J versions. See MySQL Socket Factory README for more information.


MySQL instance's JDBC URL with Cloud SQL Socket Factory follows the format of:


The JDBC URL for the Cloud SQL instance in this example is:


Cloud SQL Proxy

Cloud SQL Proxy is the generic way of establishing secured connection to a Cloud SQL instance. Rather than using the Cloud SQL Socket Factory to exchange certificates, Cloud SQL Proxy will authenticate and exchange the certificates.

Install Cloud SQL Proxy:

gcloud components install cloud_sql_proxy

Start the proxy:

# Refer to Instance Connection Name from previous section
cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:3306

You can then establish connections on localhost with the corresponding ports.

Connect with mysql CLI:

mysql -u root -p

Or, connect with JDBC using JDBC URL:


Unix Socket Domain

You can optionally configure Cloud SQL Proxy to expose not a TCP IP port, but using Unix Socket Domain instead, and configure the Cloud SQL Socket Factory to connect using the Unix Socket Domain. See Connect External App documentation for more details.

VPC Private IP

If your Cloud SQL instance is on VPC and has a private IP, and your application is running in the Cloud able to access the same VPC, then configure JDBC drivers normally connecting to the private IP address.


You can use R2DBC driver for reactive database access when you connect to Cloud SQL instances using:

  • Cloud SQL Proxy

  • VPC Private IP

  • Using R2DBC Cloud SQL Connector

Cloud SQL Proxy or VPC Private IP

You can use standard R2DBC driver to connect using the IP address. See R2DBC documentation for corresponding driver usages:

Cloud SQL Connector

You can use R2DBC Cloud SQL Connector that automatically exchanges the certificates like the Cloud SQL Socket Factory.

See Cloud SQL Socket Factory README for more information on configuring the R2DBC driver for Cloud SQL.

Last updated