Generates a short-lived X509 certificate containing the provided public key and signed by a private key specific to the target instance. Users may use the certificate to authenticate as themselves when connecting to the database.
HTTP request
POST https://sqladmin.googleapis.com/v1/projects/{project}/instances/{instance}:generateEphemeralCert
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
project |
Project ID of the project that contains the instance. |
instance |
Cloud SQL instance ID. This does not include the project ID. |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "public_key": string, "access_token": string, "readTime": string, "validDuration": string } |
Fields | |
---|---|
public_key |
PEM encoded public key to include in the signed certificate. |
access_token |
Optional. Access token to include in the signed certificate. |
readTime |
Optional. Optional snapshot read timestamp to trade freshness for performance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
validDuration |
Optional. If set, it will contain the cert valid duration. A duration in seconds with up to nine fractional digits, ending with ' |
Response body
If successful, the response body contains data with the following structure:
Ephemeral certificate creation request.
JSON representation |
---|
{
"ephemeralCert": {
object ( |
Fields | |
---|---|
ephemeralCert |
Generated cert |
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/sqlservice.admin
For more information, see the Authentication Overview.