Method: connect.generateEphemeralCert

Generates a short-lived X509 certificate containing the provided public key and signed by a private key specific to the target instance. Users may use the certificate to authenticate as themselves when connecting to the database.

HTTP request

POST https://sqladmin.googleapis.com/v1/projects/{project}/instances/{instance}:generateEphemeralCert

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID of the project that contains the instance.

instance

string

Cloud SQL instance ID. This does not include the project ID.

Request body

The request body contains data with the following structure:

JSON representation
{
  "public_key": string,
  "access_token": string,
  "readTime": string,
  "validDuration": string
}
Fields
public_key

string

PEM encoded public key to include in the signed certificate.

access_token

string

Optional. Access token to include in the signed certificate.

readTime

string (Timestamp format)

Optional. Optional snapshot read timestamp to trade freshness for performance.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

validDuration

string (Duration format)

Optional. If set, it will contain the cert valid duration.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

Response body

If successful, the response body contains data with the following structure:

Ephemeral certificate creation request.

JSON representation
{
  "ephemeralCert": {
    object (SslCert)
  }
}
Fields
ephemeralCert

object (SslCert)

Generated cert

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/sqlservice.admin

For more information, see the Authentication Overview.