Connect using a MySQL client

You can use the MySQL command-line client to connect to Cloud SQL. This page describes how to connect a mysql client to your Cloud SQL instance, whether running locally on your client machine, on a Compute Engine VM, or in the Cloud Shell.

Before you begin

Before you can use a mysql client to connect to your Cloud SQL instance, do the following:

Use a MySQL client on a local machine or a Compute Engine VM

Using a mysql client to connect to your Cloud SQL instance involves three high-level tasks:

  1. Install the client.
  2. Configure access to your Cloud SQL instance.
  3. Connect to your Cloud SQL instance.

Install the client

To install the mysql client, do the following:

  1. Download the MySQL Community Server for your platform from the MySQL Community Server download page.
    The Community Server includes the MySQL client.
  2. Install the Community Server, following the directions on the download page.

For more information about installing MySQL, see Installing and Upgrading MySQL.

Configure access to your Cloud SQL instance

To configure access to your instance, do the following:

  1. From the client machine or Compute Engine VM instance, use What's my IP to see the IP address of the client machine.
  2. Copy that IP address.
  3. In the Google Cloud console, go to the Cloud SQL Instances page.

  4. To open the Overview page of an instance, click the instance name.
  5. Select Connections from the SQL navigation menu.
  6. Select the Networking tab.
  7. In the Authorized networks section, click Add network and enter the IP address of the machine where the client is installed.
  8. Click Done. Then click Save at the bottom of the page to save your changes.
  9. Connect to your instance, either using SSL/TLS or without encryption.

Connect to your Cloud SQL instance without encryption

To allow connections without encryption, the instance must have SSL mode set to ALLOW_UNENCRYPTED_AND_ENCRYPTED. In the Google Cloud console, the equivalent configuration is Allow unencrypted network traffic.

For more information about the SSL/TLS configuration of your instance, see Configure SSL/TLS certificates.

To connect to your instance, do the following:

  1. Confirm that you have installed the client and configured access to your instance.
  2. Start the mysql client:
    mysql --ssl-mode=DISABLED --host=INSTANCE_IP_ADDRESS --user=root --password
    
  3. Enter your password.
  4. The mysql prompt appears.

Connect to your Cloud SQL instance using SSL/TLS

To connect to your instance using SSL/TLS and built-in authentication:

Before you begin, confirm that you have installed the client and configured access to your instance.

  1. Start the mysql client:
    mysql --ssl-mode=REQUIRED \
       --host=INSTANCE_IP_ADDRESS \
       --user=root --password
    
  2. Enter the password.
  3. At the MySQL prompt, enter the \s command to verify that your connection is using SSL/TLS.
  4. Look for the output line with SSL:.
    ...
    SSL:                     Cipher in use is DHE-RSA-AES256-SHA
    ...
    

    For information about troubleshooting connection issues, see Debug connection issues.
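The SSL: check from steps 3 and 4 can be scripted so that automation refuses to proceed over an unencrypted session. This is an added example, not part of the original page: the function names are hypothetical and the sample status text is constructed.

```shell
# Added example: fail closed unless the mysql session is TLS-encrypted.

# Reads `status` (\s) output on stdin. Prints the negotiated cipher and
# returns 0 if the SSL: line reports one; returns 1 for "Not in use" or
# when no SSL: line is present (for example, the connection failed).
tls_cipher_from_status() {
  awk '
    /^[ \t]*SSL:/ && /Cipher in use is / {
      sub(/^.*Cipher in use is[ \t]+/, "")
      sub(/[ \t\r]+$/, "")
      print
      ok = 1
    }
    END { exit (ok ? 0 : 1) }
  '
}

# Hypothetical wrapper: connects with the flags shown above, runs only
# `status`, and succeeds only if the session is encrypted.
require_tls_session() {
  mysql --ssl-mode=REQUIRED --host="$1" --user="$2" --password \
        --execute=status | tls_cipher_from_status
}

# Constructed samples of status output (not captured from a real instance).
sample_encrypted='Connection id:          42
SSL:                    Cipher in use is DHE-RSA-AES256-SHA'
sample_plain='Connection id:          43
SSL:                    Not in use'

printf '%s\n' "$sample_encrypted" | tls_cipher_from_status
printf '%s\n' "$sample_plain" | tls_cipher_from_status ||
  echo "session is not encrypted; refusing to continue" >&2
```

Call `require_tls_session INSTANCE_IP_ADDRESS root` before running any SQL from a script; a failed connection produces no SSL: line and is treated the same as an unencrypted one.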

Connect to your Cloud SQL instance using SSL/TLS and client certificate verification

If ssl_mode on your Cloud SQL instance is configured to TRUSTED_CLIENT_CERTIFICATE_REQUIRED, then you must also provide a verified client identity when you log in.

To connect using SSL/TLS certificates with client verification, you need the following:

  • A client public key certificate in a client-cert.pem file.
  • A client private key in a client-key.pem file.

In addition, to let the client verify the server's identity for mutual authentication, specify the server certificate server-ca.pem.

For example, to start the mysql client:
    mysql --ssl-mode=VERIFY_CA \
      --ssl-ca=server-ca.pem \
      --ssl-cert=client-cert.pem \
      --ssl-key=client-key.pem \
      --host=INSTANCE_IP_ADDRESS \
      --user=root --password
   

If you do not have a client certificate and a corresponding private key, then create a new client certificate.
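Before running the command above, the three PEM files can be checked locally for the problems that most often break or weaken client certificate verification. This is an added example, not part of the original page: `check_client_tls_files` is a hypothetical helper and it assumes the `openssl` command-line tool is installed.

```shell
# Added example: pre-flight checks for the files passed to
# --ssl-ca, --ssl-cert and --ssl-key. Requires the openssl CLI.

# Returns 0 only if every check passes; prints one line per failure to stderr.
check_client_tls_files() {
  ca=$1 cert=$2 key=$3 rc=0

  for f in "$ca" "$cert" "$key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done

  # The private key must not be accessible to group or others.
  # Characters 5-10 of the ls mode string are the group/other bits.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "$key is accessible to group/others (use chmod 600)" >&2
    rc=1
  fi

  # The certificate and the private key must belong to the same key pair.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "$cert and $key are not a matching pair" >&2
    rc=1
  fi

  # Neither the client certificate nor the server CA may be expired.
  for f in "$cert" "$ca"; do
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
      { echo "expired or unparsable certificate: $f" >&2; rc=1; }
  done
  return "$rc"
}
```

Run it as `check_client_tls_files server-ca.pem client-cert.pem client-key.pem && mysql --ssl-mode=VERIFY_CA ...` so the client only starts when the files are consistent.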

Using the client in the Cloud Shell

To connect to a Cloud SQL instance (public IP only):

  1. Go to the Google Cloud console.

  2. Click the Cloud Shell icon towards the right in the toolbar.

    The Cloud Shell takes a few moments to initialize.

  3. At the Cloud Shell prompt, use the built-in client to connect to your Cloud SQL instance:
    gcloud sql connect INSTANCE_ID \
    --user=root
    
  4. Enter your password.

The gcloud sql connect command does not support connecting to a Cloud SQL instance using private IP, or using SSL/TLS. To connect with encryption, install and use the proxy in the Cloud Shell:

  1. Install the proxy (Linux 64-bit) in the /home/USER directory.
  2. Start the proxy, using gcloud CLI authentication:

    ./cloud-sql-proxy INSTANCE_CONNECTION_NAME &

  3. Connect to the database by using the TCP connection:

    mysql -u USERNAME -p --host=127.0.0.1
