Step 7. Specify Security Settings

[This step is available if you have selected the Restore to a new location, or with different settings option at the Restore Mode step of the wizard.]

At the Security step of the wizard, choose whether you want to connect to the restored Cloud SQL instance using TLS only, and choose whether you want to encrypt the restored Cloud SQL instance with customer-managed encryption keys (CMEKs). For more information on CMEKs, see Google Cloud documentation.

Secure Connection Settings

To specify secure connection settings, do the following:

  1. In the SQL Instance list, select the necessary Cloud SQL instance and click Security.
  1. In the Security Settings window, specify the security connection settings:
  • If you want connect to the restored Cloud SQL instance using TLS, from the Security Mode drop-down list, select Allow only secure connections (TLS).

Since TLS connections use digital certificates to provide encrypted access,before you connect to the restored instance using SSL make sure you have obtained a Certificate Authority (CA) certificate, a client public key certificate, and a client private key. For more information, see Google Cloud documentation.

  • If you do not want to connect to the restored Cloud SQL instance using TLS, from the Security Mode drop-down list, select Allow any connections.

Step 7. Specify Security Settings 

Encryption Settings

To specify encryption settings, do one of the following:

  1. In the SQL Instance list, select the necessary Cloud SQL instance and click Encryption.
  1. In the Security Settings window, specify encryption settings:
  • If you do not want to encrypt persistent disks or want to apply the existing encryption scheme, select the Preserve the original encryption settings option. Then click OK.

Note

The Preserve the original encryption settings option is disabled if the encryption key is not available in the region where the Cloud SQL instance will be restored.

  • If you want to encrypt persistent disks, select the Use the following encryption key option. From the list of available encryption keys, select the required CMEK. Then click OK.

For a CMEK to be displayed in the list of available encryption keys, it must be stored in the region selected at the Data Center step.

Step 7. Specify Security Settings