Step 7. Configure Security Settings
[This step applies only if you have selected the Restore to a new location, or with different settings option at the Restore Mode step of the wizard]
At the Security step of the wizard, you can configure specific security settings for the restored Cloud SQL instance. To do that, select the instance and do the following:
- If you want to connect to the restored Cloud SQL instance using TLS only, click Security and select the Allow only secure connections (TLS) option in the Security Settings window.
Note |
Since TLS connections use digital certificates to provide encrypted access, make sure you have obtained a Certificate Authority (CA) certificate, a client public key certificate, and a client private key before you connect to the restored instance using TLS. For more information, see Google Cloud documentation. |
If you do not want to connect to the restored Cloud SQL instance using TLS, select the Allow any connections option.
- If you want to change the encryption settings of the restored Cloud SQL instance, click Encryption and do the following in the Disk Encryption window:
- Select the Preserve the original encryption settings option if you do not want to encrypt persistent disks or want to apply the existing encryption scheme.
Note |
The Preserve the original encryption settings option is disabled if the encryption key is not available in the region where the Cloud SQL instance will be restored. |
- Select the Use the following encryption key option if you want to encrypt persistent disks with customer-managed encryption key (CMEK). Then, select the necessary CMEK from the drop-down list.
For a CMEK to be displayed in the list of available encryption keys, it must be stored in the region selected at step 4 of the wizard.
