Understanding AlloyDB connectors
Developer Advocate, Google Cloud
Senior Software Engineer, Google Cloud
Connecting to a database can be one of the most challenging parts of setting up a new application. Even after setup, keeping your application up to date with the latest recommended security practices can seem like a full-time job. Whether you’re already using the power of AlloyDB for your most demanding workloads, or if you’re just looking to experiment with new functionality like AlloyDB AI, the AlloyDB connectors make it easy to connect your applications securely to your fully-managed PostgreSQL database.
Meet the connectors
AlloyDB connectors provide an automated mTLS connection with Cloud IAM integration for your application and they are available in library and binary form. AlloyDB has connectors for Java, Python, and Go. If your application is written in one of those languages, we recommend starting with the language-specific connector. Otherwise, the AlloyDB Auth proxy is a good choice. The Auth Proxy is a binary that can be run as a sidecar or background process, and works for any language that connects over a TCP or Unix Domain socket.
All of the connectors create a secure tunnel between your application and your AlloyDB instance. The following diagram shows a simplified version of that architecture:
When to use a connector
For people who are already familiar with how to connect directly, it’s perfectly fine to continue in the traditional approach. However, if you’re looking to offload as much work as possible onto AlloyDB, then a connector will conveniently provide automated mTLS 1.3 encryption and enforce IAM permissions.
Since its launch, AlloyDB has supported TLS 1.3 encryption. AlloyDB instances can also be configured to require all clients use encryption. While it’s possible to write your own code to connect to AlloyDB securely, doing so with the AlloyDB connectors has several major benefits:
- Convenience - Benefit from automated mTLS with tight IAM integration.
- Connection authorization - Control who can connect (not just log in!) to your database via IAM roles and permissions.
- Connector enforcement - Ensure the highest level of connection security, by enforcing connections use the AlloyDB connectors.
- Open standards - The connectors build on the existing standards established by database drivers, so using them is as simple as adding a dependency to your app with a few lines of code.
- Open source - All the connectors are open source and actively maintained on GitHub. Google provides examples for each of the connectors: Java, Python, Go, and AlloyDB Auth proxy.
Using an AlloyDB connector means letting Google software engineers handle the code connecting your application to the database so you can spend your time building a better product for your users.