HIGH
Source
Trivy
ID
AVD-GCP-0015

SSL connections to a SQL database instance should be enforced.

In-transit data should be encrypted so that, if traffic is intercepted, it is not exposed in plaintext to attackers.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enforce SSL for all connections

# For terraform-provider-google < 6.0.1
# Cloud SQL instance with SSL/TLS enforced on client connections (AVD-GCP-0015).
resource "google_sql_database_instance" "postgres" {
  database_version = "POSTGRES_11" # example engine version only; choose a currently supported release
  name             = "postgres-instance-a"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      # On provider releases before 6.0.1 this flag is the control the check looks for:
      # it rejects client connections that do not use SSL/TLS.
      require_ssl = true

      # No public IPv4 address is assigned. authorized_networks restricts which
      # ranges may reach the instance over its public address, so with
      # ipv4_enabled = false it only takes effect if a public address is later
      # enabled — confirm against the provider documentation for your version.
      ipv4_enabled = false
      authorized_networks {
        name  = "internal"
        value = "108.12.12.0/24"
      }
    }
  }
}
# For terraform-provider-google >= 6.0.1
# Cloud SQL instance with SSL/TLS enforced on client connections (AVD-GCP-0015).
resource "google_sql_database_instance" "postgres" {
  database_version = "POSTGRES_11" # example engine version only; choose a currently supported release
  name             = "postgres-instance-a"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      # From provider 6.0.1 onward require_ssl is replaced by ssl_mode.
      # TRUSTED_CLIENT_CERTIFICATE_REQUIRED is the strictest setting: every
      # connection must be encrypted AND present a trusted client certificate.
      # ENCRYPTED_ONLY enforces encryption without client certificates if mTLS
      # is not wanted — verify it meets your policy before relaxing this.
      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"

      # No public IPv4 address is assigned. authorized_networks restricts which
      # ranges may reach the instance over its public address, so with
      # ipv4_enabled = false it only takes effect if a public address is later
      # enabled — confirm against the provider documentation for your version.
      ipv4_enabled = false
      authorized_networks {
        name  = "internal"
        value = "108.12.12.0/24"
      }
    }
  }
}