使用 Go 为 TCP 连接配置 SSL 证书
使用 Go 的 database/sql 软件包为与 Cloud SQL for PostgreSQL 的 TCP 连接配置 SSL(安全套接字层)证书。
代码示例
Go
如需向 Cloud SQL for PostgreSQL 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
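// Go sample: configure SSL/TLS certificates for a TCP connection to Cloud SQL
// for PostgreSQL by using Go's database/sql package.
//
// The listing is part of package cloudsql and relies on these imports:
//
//	import (
//		"database/sql"
//		"fmt"
//		"log"
//		"os"
//
//		// Note: If connecting using the App Engine Flex Go runtime, use
//		// "github.com/jackc/pgx/stdlib" instead, since v5 requires
//		// Go modules which are not supported by App Engine Flex.
//		_ "github.com/jackc/pgx/v5/stdlib"
//	)

// quoteDSNValue wraps v in single quotes for a keyword/value connection
// string and backslash-escapes embedded single quotes and backslashes, which
// is the quoting rule libpq documents for such strings. Without it, a value
// containing a space (a password, a certificate path) ends early and the
// remainder is read as further keyword=value settings.
// NOTE(review): confirm the pgx version in use parses quoted values this way.
func quoteDSNValue(v string) string {
	quoted := make([]byte, 0, len(v)+2)
	quoted = append(quoted, '\'')
	for i := 0; i < len(v); i++ {
		if v[i] == '\'' || v[i] == '\\' {
			quoted = append(quoted, '\\')
		}
		quoted = append(quoted, v[i])
	}
	quoted = append(quoted, '\'')
	return string(quoted)
}

// connectTCPSocket initializes a TCP connection pool for a Cloud SQL
// instance of Postgres.
//
// Connection settings are read from the environment: DB_USER, DB_PASS,
// INSTANCE_HOST, DB_PORT and DB_NAME are required, and the process exits via
// log.Fatalf when one of them is unset or empty. If DB_ROOT_CERT is set,
// DB_CERT and DB_KEY are required as well and the TLS settings are appended
// to the connection string.
//
// It returns an error if DB_ROOT_CERT is set but empty, or if sql.Open fails.
func connectTCPSocket() (*sql.DB, error) {
	mustGetenv := func(k string) string {
		v := os.Getenv(k)
		if v == "" {
			// Only the variable name is logged, never a value.
			log.Fatalf("Fatal Error in connect_tcp.go: %s environment variable not set.", k)
		}
		return v
	}
	// Note: Saving credentials in environment variables is convenient, but not
	// secure - consider a more secure solution such as
	// Cloud Secret Manager (https://cloud.google.com/secret-manager) to help
	// keep secrets safe.
	var (
		dbUser    = mustGetenv("DB_USER")       // e.g. 'my-db-user'
		dbPwd     = mustGetenv("DB_PASS")       // e.g. 'my-db-password'
		dbTCPHost = mustGetenv("INSTANCE_HOST") // e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)
		dbPort    = mustGetenv("DB_PORT")       // e.g. '5432'
		dbName    = mustGetenv("DB_NAME")       // e.g. 'my-database'
	)

	// Every value is quoted so that it is taken as one setting, whatever
	// characters it contains.
	dbURI := fmt.Sprintf("host=%s user=%s password=%s port=%s database=%s",
		quoteDSNValue(dbTCPHost), quoteDSNValue(dbUser), quoteDSNValue(dbPwd),
		quoteDSNValue(dbPort), quoteDSNValue(dbName))

	// (OPTIONAL) Configure SSL certificates
	// For deployments that connect directly to a Cloud SQL instance without
	// using the Cloud SQL Proxy, configuring SSL certificates will ensure the
	// connection is encrypted.
	if dbRootCert, ok := os.LookupEnv("DB_ROOT_CERT"); ok { // e.g., '/path/to/my/server-ca.pem'
		// Fail closed: a variable that is set but empty would otherwise
		// produce a connection string with no CA file to verify against.
		if dbRootCert == "" {
			return nil, fmt.Errorf("DB_ROOT_CERT is set but empty")
		}
		var (
			dbCert = mustGetenv("DB_CERT") // e.g. '/path/to/my/client-cert.pem'
			dbKey  = mustGetenv("DB_KEY")  // e.g. '/path/to/my/client-key.pem'
		)
		// libpq documents that sslmode=require checks the server certificate
		// only when a root CA file is present; verify-ca states that check
		// explicitly instead of relying on the fallback. verify-full would
		// also check the host name; whether the instance certificate matches
		// INSTANCE_HOST is not shown here, so it is not used.
		dbURI += fmt.Sprintf(" sslmode=verify-ca sslrootcert=%s sslcert=%s sslkey=%s",
			quoteDSNValue(dbRootCert), quoteDSNValue(dbCert), quoteDSNValue(dbKey))
	}

	// dbPool is the pool of database connections.
	// sql.Open may only validate its arguments without connecting, so TLS or
	// authentication failures can surface later (for example on Ping).
	dbPool, err := sql.Open("pgx", dbURI)
	if err != nil {
		// The connection string holds the password, so it is not added to
		// the error.
		return nil, fmt.Errorf("sql.Open: %w", err)
	}

	// ...

	return dbPool, nil
}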