Generates a short-lived X509 certificate containing the provided public key and signed by a private key specific to the target instance. Users may use the certificate to authenticate as themselves when connecting to the database.
HTTP request
POST https://sqladmin.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}:generateEphemeralCert
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
project
|
Project ID of the project that contains the instance. |
instance
|
Cloud SQL instance ID. This does not include the project ID. |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "public_key" : string , "access_token" : string , "readTime" : string , "validDuration" : string } |
| Fields | |
|---|---|
public_key
|
PEM encoded public key to include in the signed certificate. |
access_token
|
Optional. Access token to include in the signed certificate. |
readTime
|
Optional. Optional snapshot read timestamp to trade freshness for performance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
validDuration
|
Optional. If set, it will contain the cert valid duration. A duration in seconds with up to nine fractional digits, ending with ' |
Response body
Ephemeral certificate creation request.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{
"ephemeralCert"
:
{
object (
|
| Fields | |
|---|---|
ephemeralCert
|
Generated cert |
Authorization scopes
Requires one of the following OAuth scopes:
-
https://www.googleapis.com/auth/cloud-platform -
https://www.googleapis.com/auth/sqlservice.admin
For more information, see the Authentication Overview .
