Connect using a MySQL client

MySQL | PostgreSQL | SQL Server

You can use the MySQL command-line client to connect to Cloud SQL. This page describes how to connect a mysql client to your Cloud SQL instance, whether running locally on your client machine, on a Compute Engine VM, or in the Cloud Shell.

Before you begin

Before you can use a mysql client to connect to your Cloud SQL instance, do the following:

Create a Cloud SQL instance, including configuring the default user.

See Create instances and Set the password for the default user account.
Optionally, create a Compute Engine VM instance and then connected to the instance using SSH.

See Create and start a VM instance, About SSH connections, or Connect to Windows VMs using RDP.
Determine how you'll connect to your instance.

For the connection options and how to choose from among them, see About connection options.

Use a MySQL client on a local machine or a Compute Engine VM

Using a mysql client to connect to your Cloud SQL instance involves three high-level tasks:

Install the client.
Configure access to your Cloud SQL instance.
Connect to your Cloud SQL instance.

Install the client

To install the mysql client, do the following:

Download the MySQL Community Server for your platform from the MySQL Community Server download page.
The Community Server includes the MySQL client.
Install the Community Server, following the directions on the download page.

For more information about installing MySQL, see Installing and Upgrading MySQL.

Configure access to your Cloud SQL instance

To configure access to your instance, do the following:

From the client machine or Compute Engine VM instance, use What's my IP to see the IP address of the client machine.
Copy that IP address.
In the Google Cloud console, go to the Cloud SQL Instances page.

Go to Cloud SQL Instances
To open the Overview page of an instance, click the instance name.
Select Connections from the SQL navigation menu.
Select the Networking tab.
In the Authorized networks section, click Add network and enter the IP address of the machine where the client is installed.
Note: The IP address of the instance and the mysql client IP address you authorize must be the same IP version: either IPv4 or IPv6.
Click Done. Then click Save at the bottom of the page to save your changes.
Connect to your instance, either using SSL/TLS or without encryption (without using SSL/TLS).

Connect to your Cloud SQL instance without encryption

To let you connect without encryption, the instance must have SSL mode set to ALLOW_UNENCRYPTED_AND_ENCRYPTED. In the Google Cloud console, the equivalent configuration is Allow unencrypted network traffic.

For more information about the SSL/TLS configuration of your instance, see Configure SSL/TLS certificates.

To connect to your instance, do the following:

Confirm that you have installed the client and configured access to your instance.

Start the mysql client:

mysql --ssl-mode=DISABLED --host=INSTANCE_IP_ADDRESS --user=root --password

Enter your password.
The mysql prompt appears.

Connect to your Cloud SQL instance using SSL/TLS

To connect to your instance using SSL/TLS and built-in authentication:

Before you begin, confirm that you have installed the client and configured access to your instance.

Start the mysql client:
```
mysql --ssl-mode=REQUIRED \
   --host=INSTANCE_IP_ADDRESS \
   --user=root --password
```
Warning: Don't include the --ssl-mode flag in the command if you are using a MariaDB client to connect to the MySQL instance. Use the client from the MySQL community server instead.
Enter the password.
At the MySQL prompt, enter the \s command to verify that your connection is using SSL/TLS.
Look for the output line with SSL:.
```
...
SSL:                     Cipher in use is DHE-RSA-AES256-SHA
...
```
Warning: MySQL client versions prior to 5.7.3 consider the --ssl options as advisory, and silently fall back to unencrypted connections if the server does not accept an encrypted connection. For more information, see Using Encrypted Connections in the MySQL Reference Manual. To avoid this issue, you can configure the instance so that only SSL/TLS connections can connect to it (for more information, see Configuring SSL for Instances).

For information about troubleshooting connection issues, see Debug connection issues.

Connect to your Cloud SQL instance using SSL/TLS and client certificate verification

If ssl_mode on your Cloud SQL instance is configured to TRUSTED_CLIENT_CERTIFICATE_REQUIRED, then you must also provide a verified client identity when you log in.

To connect using SSL/TLS certificates with client verification, you need the following:

A client public key certificate in a client-cert.pem file.
A client private key in a client-key.pem file.

In addition, to let the client verify the server's identity for mutual authentication, specify the server certificate server-ca.pem.

For example, to start the mysql client:

    mysql --ssl-mode=VERIFY_CA \
      --ssl-ca=server-ca.pem \
      --ssl-cert=client-cert.pem \
      --ssl-key=client-key.pem \
      --host=INSTANCE_IP_ADDRESS \
      --user=root --password

If you do not have a client certificate and a corresponding private key, then create a new client certificate.

Using the client in the Cloud Shell

To connect to a Cloud SQL instance (public IP only):

Go to the Google Cloud console.
Go to the Google Cloud console
Click the Cloud Shell icon towards the right in the toolbar.
The Cloud Shell takes a few moments to initialize.
At the Cloud Shell prompt, use the built-in client to connect to your Cloud SQL instance:
```
gcloud sql connect INSTANCE_ID \
--user=root
```
Enter your password.

The gcloud sql connect command does not support connecting to a Cloud SQL instance using private IP, or using SSL/TLS. To connect with encryption, install and use the proxy in the Cloud Shell:

Install the proxy (Linux 64-bit) in the /home/USER directory.
Start the proxy, using gcloud CLI authentication:
```
./cloud-sql-proxy INSTANCE_CONNECTION_NAME &
```
Connect to the database by using the TCP connection:
```
mysql -u USERNAME -p --host=127.0.0.1
```

What's next

Learn about configuring an instance with a private IP address.
Learn about options for connecting to your instance from your application.
Learn about the mysql client.

Try it for yourself

If you're new to Google Cloud, create an account to evaluate how Cloud SQL performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

Try Cloud SQL free