Should I enable SSL on my MySQL database with Cloud SQL?

Question

I was wondering if I should enable SSL with my Cloud SQL (Google Cloud Platform) instance. I communicate with the database via a Laravel (PHP) application and specified that the IP address of my server (hosted on DigitalOcean) only has access to the Cloud SQL instance.

My thought was, even if I enable SSL, anyone who has access to the server can query the database in some sort of way, because the SSL certificates are on the server. So does enabling SSL make any sense? Does it make it more secure? Or is it safe to be off?

Thanks for your time and answers.

Answer 1

Using SSL is critical if you don't want anyone to watch or intercept your traffic. Secure connection enables you to hide your DB queries and transactions. This can be determined by your application and type of data you are exchanging and whether you trust the network or not.

Answer 2

Just in order to complete the answer by @Khaled, as stated in the documentation about using SSL in Cloud SQL:

SSL is needed to provide security when you connect to Cloud SQL using IP addresses. Connections made using the Cloud SQL Proxy, and connections from App Engine applications, are encrypted by default whether you configure SSL for the instance or not.

So, in short, you should use an SSL certificate when:

• Connecting to an instance using an IP address.

You do not need to use an SSL certificate (because it is encrypted by default) if:

• Connecting to an instance from an App Engine application.
• Connecting to an instance using Cloud SQL Proxy.

In any case, the general idea is that yes, it is strongly recommended to secure the data exchanged between the Cloud SQL instance and any kind of client connecting to it, and SSL certificates are the way to achieve a proper communication encryption.