Stay organized with collections Save and categorize content based on your preferences.
You can create a connection profile on its own or in the context of creating a specific migration job. Either way, all connection profiles are available for review and modification on the Connection profiles page, and can be reused across migration jobs.
Creating a source connection profile on its own is useful if the person who has the source access information is not the same person who creates the migration job. You can also reuse a source connection profile definition in multiple migration jobs. If you use the same profile for multiple migrations, you need to update the max_replication_slots parameter in the source database to account for the number of replicas you're creating.
To create a source connection profile, follow these steps:
From the Database engine list, select your source database engine.
If you select Cloud SQL for PostgreSQL from this list, then a Cloud SQL instance list appears. Select the Cloud SQL instance that you want to migrate.Enter a Hostname or IP address.
If the source database is hosted in Google Cloud or if a reverse SSH tunnel is used to connect the destination database to the source database, then specify the private (internal) IP address for the source database. This address will be accessible by the Cloud SQL destination. For more information, see Configure connectivity using VPC peering.
For other connectivity methods, such as IP allowlist, provide the public IP address.
In the Connection profile region section of the page, select the region where you want to save the connection profile.
Connection profiles, like all resources, are saved in a region. Region selection doesn't impact which migration jobs can use them, or which regions can connect to the data location itself, but can impact availability in the case of regional downtime.Optional: If the connection is made over a public network (by using IP allowlists), then we recommend that you use SSL/TLS encryption for the connection between the source and destination databases.
In the Secure your connection section, from the Encryption type list, you can select one of the following SSL/TLS configuration options:
require_secure_transport to off. For more information about the require_secure_transport setting, see Configure your source.TLS authentication: When the Cloud SQL destination instance connects to the source database, the instance authenticates the source, ensuring that the instance is connecting to the correct host securely. This prevents person-in-the-middle (PITM) attacks. For TLS authentication, the source doesn't authenticate the instance.
To use TLS authentication, you must provide the x509 PEM-encoded certificate of the CA that signed the external server's certificate.
For more information about creating certificates and keys for your external server, see Creating SSL and RSA Certificates and Keys using MySQL.mTLS authentication provides the strongest security. However, if you don't want to provide the client certificate and private key when you create the Cloud SQL destination instance, you can still use TLS authentication.
To use mTLS authentication, you must provide the following items when you create the destination connection profile:
For more information about creating certificates and keys for your source database server, see Secure TCP/IP Connections with SSL.
If you're having trouble uploading the key, then select the Enter manually option, and copy and paste the key into the text area.
Click Create at the bottom of the page.
The Connection profiles page appears, and the newly created connection profile is displayed.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-09 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-09 UTC."],[[["Connection profiles can be created independently or during the setup of a migration job, and are reusable across multiple jobs, allowing for efficient management of database connections."],["When creating a source connection profile, you must specify details such as the profile role, database engine, connection name, ID, hostname or IP address, and the port, as well as the source database's username and password."],["The choice of connection profile region does not affect which migration jobs can utilize the profile or the regions that can access the data but can impact the availability of the profile."],["Secure connections via SSL/TLS are recommended for public network connections and offer options including no encryption, basic encryption, TLS authentication, and mTLS authentication for enhanced security."],["Depending on the security level required, the setup may require the x509 PEM-encoded certificate of the Certificate Authority (CA), the client certificate, and the associated client key for secure source and destination authentications."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4