Generates a short-lived X509 certificate containing the provided public key and signed by a private key specific to the target instance. Users may use the certificate to authenticate as themselves when connecting to the database.
HTTP request
POST https://sqladmin.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}:generateEphemeralCert
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
project |
Project ID of the project that contains the instance. |
instance |
Cloud SQL instance ID. This does not include the project ID. |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "public_key": string, "access_token": string, "readTime": string, "validDuration": string } |
| Fields | |
|---|---|
public_key |
PEM encoded public key to include in the signed certificate. |
access_token |
Optional. Access token to include in the signed certificate. |
readTime |
Optional. Optional snapshot read timestamp to trade freshness for performance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
validDuration |
Optional. If set, it will contain the cert valid duration. A duration in seconds with up to nine fractional digits, ending with ' |
Response body
If successful, the response body contains data with the following structure:
Ephemeral certificate creation request.
| JSON representation |
|---|
{
"ephemeralCert": {
object ( |
| Fields | |
|---|---|
ephemeralCert |
Generated cert |
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/sqlservice.admin
For more information, see the Authentication Overview.