You can use the MySQL command-line client to connect to Cloud SQL. This
page describes how to connect a
mysql
client to your Cloud SQL instance,
whether running locally on your client machine, on a Compute Engine VM,
or in the Cloud Shell.
Before you begin
Before you can use a mysql
client to connect to your Cloud SQL
instance, do the following:
-
Create a Cloud SQL instance, including configuring the default user.
See Create instances and Set the password for the default user account.
Optionally, create a Compute Engine VM instance and then connected to the instance using SSH.
See Create and start a VM instance, About SSH connections, or Connect to Windows VMs using RDP.
Determine how you'll connect to your instance.
For the connection options and how to choose from among them, see About connection options.
Use a MySQL client on a local machine or a Compute Engine VM
Using a mysql
client to connect to your Cloud SQL
instance involves three high-level tasks:
- Install the client.
- Configure access to your Cloud SQL instance.
- Connect to your Cloud SQL instance.
Install the client
To install the mysql
client, do the following:
- Download the MySQL Community Server for your platform from the
MySQL Community Server download page.
The Community Server includes the MySQL client. - Install the Community Server, following the directions on the download page.
For more information about installing MySQL, see Installing and Upgrading MySQL.
Configure access to your Cloud SQL instance
To configure access to your instance, do the following:
- From the client machine or Compute Engine VM instance, use What's my IP to see the IP address of the client machine.
- Copy that IP address.
-
In the Google Cloud console, go to the Cloud SQL Instances page.
- To open the Overview page of an instance, click the instance name.
- Select Connections from the SQL navigation menu.
- Select the Networking tab.
- In the Authorized networks section, click Add network and enter the IP address of the machine where the client is installed.
- Click Done. Then click Save at the bottom of the page to save your changes.
- Connect to your instance, either using SSL/TLS or without encryption (without using SSL/TLS).
Connect to your Cloud SQL instance without encryption
To let you connect without encryption, the instance must have
SSL mode
set to ALLOW_UNENCRYPTED_AND_ENCRYPTED
. In the Google Cloud console,
the equivalent configuration is Allow unencrypted network traffic.
For more information about the SSL/TLS configuration of your instance, see Configure SSL/TLS certificates.
To connect to your instance, do the following:
- Confirm that you have installed the client and configured access to your instance.
- Start the
mysql
client:mysql --ssl-mode=DISABLED --host=INSTANCE_IP_ADDRESS --user=root --password
- Enter your password.
- The mysql prompt appears.
Connect to your Cloud SQL instance using SSL/TLS
To connect to your instance using SSL/TLS and built-in authentication:
Before you begin, confirm that you have installed the client and configured access to your instance.
- Start the
mysql
client:mysql --ssl-mode=REQUIRED \ --host=INSTANCE_IP_ADDRESS \ --user=root --password
- Enter the password.
- At the MySQL prompt, enter the
\s
command to verify that your connection is using SSL/TLS. -
Look for the output line with SSL:.
... SSL: Cipher in use is DHE-RSA-AES256-SHA ...
For information about troubleshooting connection issues, see Debug connection issues.
Connect to your Cloud SQL instance using SSL/TLS and client certificate verification
If ssl_mode
on your Cloud SQL instance is configured to
TRUSTED_CLIENT_CERTIFICATE_REQUIRED
,
then you must also provide a verified client identity when you log in.
To connect using SSL/TLS certificates with client verification, you need the following:
- A client public key certificate in a client-cert.pem file.
- A client private key in a client-key.pem file.
In addition, to let the client verify the server's identity for mutual authentication, specify the server certificate server-ca.pem.
For example, to start themysql
client:
mysql --ssl-mode=VERIFY_CA \ --ssl-ca=server-ca.pem \ --ssl-cert=client-cert.pem \ --ssl-key=client-key.pem \ --host=INSTANCE_IP_ADDRESS \ --user=root --password
If you do not have a client certificate and a corresponding private key, then create a new client certificate.
Using the client in the Cloud Shell
To connect to a Cloud SQL instance (public IP only):
- Go to the Google Cloud console.
- Click the Cloud Shell icon
towards the right in the toolbar. The Cloud Shell takes a few moments to initialize.
- At the Cloud Shell prompt, use the built-in
client to connect to your Cloud SQL instance:
gcloud sql connect INSTANCE_ID \ --user=root
- Enter your password.
The gcloud sql connect
command does not support connecting
to a Cloud SQL instance using private IP, or using SSL/TLS. To connect
with encryption, install and use the proxy in the Cloud Shell:
- Install the proxy (Linux 64-bit) in the
/home/USER
directory. - Start the proxy, using gcloud CLI authentication:
./cloud-sql-proxy INSTANCE_CONNECTION_NAME &
- Connect to the database by using the TCP connection:
mysql -u USERNAME -p --host=127.0.0.1
What's next
- Learn about configuring an instance with a private IP address.
- Learn about options for connecting to your instance from your application.
- Learn about the
mysql
client.
Try it for yourself
If you're new to Google Cloud, create an account to evaluate how Cloud SQL performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
Try Cloud SQL free