Configure SSL certificates for TCP connection by using Python
Stay organized with collections
Save and categorize content based on your preferences.
Configure SSL (Secure Sockets Layer) certificates for a TCP connection to Cloud SQL for MySQL by using Python's sqlalchemy package.
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Configure SSL certificates for TCP connection by using Python\n\nConfigure SSL (Secure Sockets Layer) certificates for a TCP connection to Cloud SQL for MySQL by using Python's sqlalchemy package.\n\nCode sample\n-----------\n\n### Python\n\n\nTo authenticate to Cloud SQL for MySQL, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import os\n\n import sqlalchemy\n\n\n def connect_tcp_socket() -\u003e sqlalchemy.engine.base.Engine:\n \"\"\"Initializes a TCP connection pool for a Cloud SQL instance of MySQL.\"\"\"\n # Note: Saving credentials in environment variables is convenient, but not\n # secure - consider a more secure solution such as\n # Cloud Secret Manager (https://cloud.google.com/secret-manager) to help\n # keep secrets safe.\n db_host = os.environ[\n \"INSTANCE_HOST\"\n ] # e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)\n db_user = os.environ[\"DB_USER\"] # e.g. 'my-db-user'\n db_pass = os.environ[\"DB_PASS\"] # e.g. 'my-db-password'\n db_name = os.environ[\"DB_NAME\"] # e.g. 'my-database'\n db_port = os.environ[\"DB_PORT\"] # e.g. 3306\n\n connect_args = {}\n # For deployments that connect directly to a Cloud SQL instance without\n # using the Cloud SQL Proxy, configuring SSL certificates will ensure the\n # connection is encrypted.\n if os.environ.get(\"DB_ROOT_CERT\"):\n db_root_cert = os.environ[\"DB_ROOT_CERT\"] # e.g. '/path/to/my/server-ca.pem'\n db_cert = os.environ[\"DB_CERT\"] # e.g. '/path/to/my/client-cert.pem'\n db_key = os.environ[\"DB_KEY\"] # e.g. '/path/to/my/client-key.pem'\n\n ssl_args = {\"ssl_ca\": db_root_cert, \"ssl_cert\": db_cert, \"ssl_key\": db_key}\n connect_args = ssl_args\n\n pool = sqlalchemy.create_engine(\n # Equivalent URL:\n # mysql+pymysql://\u003cdb_user\u003e:\u003cdb_pass\u003e@\u003cdb_host\u003e:\u003cdb_port\u003e/\u003cdb_name\u003e\n sqlalchemy.engine.url.URL.create(\n drivername=\"mysql+pymysql\",\n username=db_user,\n password=db_pass,\n host=db_host,\n port=db_port,\n database=db_name,\n ),\n connect_args=connect_args,\n # ...\n )\n return pool\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=cloud_sql_mysql)."]]