Mengonfigurasi sertifikat SSL untuk koneksi TCP menggunakan Go
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Konfigurasikan sertifikat SSL (Secure Sockets Layer) untuk koneksi TCP ke Cloud SQL untuk PostgreSQL dengan menggunakan paket database/sql Go.
Contoh kode
Kecuali dinyatakan lain, konten di halaman ini dilisensikan berdasarkan Lisensi Creative Commons Attribution 4.0, sedangkan contoh kode dilisensikan berdasarkan Lisensi Apache 2.0. Untuk mengetahui informasi selengkapnya, lihat Kebijakan Situs Google Developers. Java adalah merek dagang terdaftar dari Oracle dan/atau afiliasinya.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],[],[],[],null,["# Configure SSL certificates for TCP connection by using Go\n\nConfigure SSL (Secure Sockets Layer) certificates for a TCP connection to Cloud SQL for PostgreSQL by using Go's database/sql package.\n\nCode sample\n-----------\n\n### Go\n\n\nTo authenticate to Cloud SQL for PostgreSQL, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n package cloudsql\n\n import (\n \t\"database/sql\"\n \t\"fmt\"\n \t\"log\"\n \t\"os\"\n\n \t// Note: If connecting using the App Engine Flex Go runtime, use\n \t// \"github.com/jackc/pgx/stdlib\" instead, since v5 requires\n \t// Go modules which are not supported by App Engine Flex.\n \t_ \"github.com/jackc/pgx/v5/stdlib\"\n )\n\n // connectTCPSocket initializes a TCP connection pool for a Cloud SQL\n // instance of Postgres.\n func connectTCPSocket() (*sql.DB, error) {\n \tmustGetenv := func(k string) string {\n \t\tv := os.Getenv(k)\n \t\tif v == \"\" {\n \t\t\tlog.Fatalf(\"Fatal Error in connect_tcp.go: %s environment variable not set.\", k)\n \t\t}\n \t\treturn v\n \t}\n \t// Note: Saving credentials in environment variables is convenient, but not\n \t// secure - consider a more secure solution such as\n \t// Cloud Secret Manager (https://cloud.google.com/secret-manager) to help\n \t// keep secrets safe.\n \tvar (\n \t\tdbUser = mustGetenv(\"DB_USER\") // e.g. 'my-db-user'\n \t\tdbPwd = mustGetenv(\"DB_PASS\") // e.g. 'my-db-password'\n \t\tdbTCPHost = mustGetenv(\"INSTANCE_HOST\") // e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)\n \t\tdbPort = mustGetenv(\"DB_PORT\") // e.g. '5432'\n \t\tdbName = mustGetenv(\"DB_NAME\") // e.g. 'my-database'\n \t)\n\n \tdbURI := fmt.Sprintf(\"host=%s user=%s password=%s port=%s database=%s\",\n \t\tdbTCPHost, dbUser, dbPwd, dbPort, dbName)\n\n \t// (OPTIONAL) Configure SSL certificates\n \t// For deployments that connect directly to a Cloud SQL instance without\n \t// using the Cloud SQL Proxy, configuring SSL certificates will ensure the\n \t// connection is encrypted.\n \tif dbRootCert, ok := os.LookupEnv(\"DB_ROOT_CERT\"); ok { // e.g., '/path/to/my/server-ca.pem'\n \t\tvar (\n \t\t\tdbCert = mustGetenv(\"DB_CERT\") // e.g. '/path/to/my/client-cert.pem'\n \t\t\tdbKey = mustGetenv(\"DB_KEY\") // e.g. '/path/to/my/client-key.pem'\n \t\t)\n \t\tdbURI += fmt.Sprintf(\" sslmode=require sslrootcert=%s sslcert=%s sslkey=%s\",\n \t\t\tdbRootCert, dbCert, dbKey)\n \t}\n\n \t// dbPool is the pool of database connections.\n \tdbPool, err := sql.Open(\"pgx\", dbURI)\n \tif err != nil {\n \t\treturn nil, fmt.Errorf(\"sql.Open: %w\", err)\n \t}\n\n \t// ...\n\n \treturn dbPool, nil\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=cloud_sql_postgres)."]]