Connecting using the Cloud SQL connectors

The Cloud SQL connectors are libraries that provide encryption and IAM-based authorization when connecting to a Cloud SQL instance. They can't provide a network path to a Cloud SQL instance if one is not already present.

Other ways to connect to a Cloud SQL instance include using a database client or the Cloud SQL Auth proxy. See the Connecting Overview page for more information on connecting to a Cloud SQL instance.

This page discusses the following Cloud SQL connectors:

  • The Cloud SQL Java connector

Before you begin

Before you can connect to a Cloud SQL instance, you must have:

  • Enabled the Cloud SQL Admin API

    Enable the API

  • Created a Cloud SQL instance, including configuring the default user.

    For more information about creating instances, see Creating Instances.

    For more information about configuring the default user, see Configuring the default user account.

  • For more information about connecting to a Cloud SQL instance, see the Connecting overview page.

Setup

Java

For instructions on using drivers for JDBC and R2DBC with the Cloud SQL Java connector, see the following links:

JDBC: Connecting to SQL Server using JDBC.

R2DBC: Connecting to SQL Server using R2DBC.

For examples of this library being used in the context of an application, check out these sample applications.

Authentication

This library uses Application Default Credentials to authenticate the connection to the Cloud SQL server.

To activate credentials locally, use the following gcloud command:

    gcloud auth application-default login
    

Usage

Java

To see this snippet in the context of a web application, view the README on GitHub.

// Note: For Java users, the Cloud SQL JDBC Socket Factory can provide authenticated connections
// which is preferred to using the Cloud SQL Proxy with Unix sockets.
// See https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory for details.

// The configuration object specifies behaviors for the connection pool.
HikariConfig config = new HikariConfig();

// The following is equivalent to setting the config options below:
// jdbc:sqlserver://;user=<DB_USER>;password=<DB_PASS>;databaseName=<DB_NAME>;
// socketFactoryClass=com.google.cloud.sql.sqlserver.SocketFactory;
// socketFactoryConstructorArg=<CLOUD_SQL_CONNECTION_NAME>

// See the link below for more info on building a JDBC URL for the Cloud SQL JDBC Socket Factory
// https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory#creating-the-jdbc-url

// Configure which instance and what database user to connect with.
config
    .setDataSourceClassName("com.microsoft.sqlserver.jdbc.SQLServerDataSource");
config.setUsername(DB_USER); // e.g. "root", "sqlserver"
config.setPassword(DB_PASS); // e.g. "my-password"
config.addDataSourceProperty("databaseName", DB_NAME);

config.addDataSourceProperty("socketFactoryClass",
    "com.google.cloud.sql.sqlserver.SocketFactory");
config.addDataSourceProperty("socketFactoryConstructorArg", CLOUD_SQL_CONNECTION_NAME);

// ... Specify additional connection properties here.

// ...

// Initialize the connection pool using the configuration object.
DataSource pool = new HikariDataSource(config);

Troubleshooting

Firewall configuration

The Cloud SQL Auth proxy establishes connections to Cloud SQL instances using port 3307. Applications that are protected by a firewall may need to be configured to allow outgoing connections on TCP port 3307. A connection blocked by a firewall typically results in an error stating connection failure. For example, com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure.

Connect with IntelliJ

In order to connect IntelliJ to your Cloud SQL instance, you will need to add the library as a jar with dependencies in the Additional Files section on the driver settings page. For example, prebuilt fat jars can be found on the Cloud SQL Java connector Releases page for this purpose.

Driver versions

Make sure you are using the latest version of the Cloud SQL connectors and your database driver to avoid incompatibilities. Some older versions of drivers are not supported

Connection paths

The Cloud SQL connectors provide authorization for connections, but they don't provide new paths to connectivity. For example, in order to connect to a Cloud SQL instance using a Private IP address, your application must already have VPC access. In order to connect to a Cloud SQL instance using a Public IP address, your application must be in an authorized network.

Debugging connection issues

For additional help with connection issues, see the Troubleshooting and Debugging connection issues pages.

What's next