中文版
CloudSQL Proxy Hardening Encryptor: https://github.com/Funny-Systems-OSS/CloudSQL-Proxy-Hardening-Encryptor
- Replace plain credential file with encrypted one which bound to instance ID.
- Compare with original Cloud SQL Proxy Software | Google Cloud SQL Proxy | Cloud SQL Proxy Hardening (OSS Edition) | Cloud SQL Proxy Hardening (Enterpise Edition) ---------------------|-------------------------|-----------------------------------------|---------------------------------------------- Credential File | Plaintext | Ciphertext | Ciphertext Bind with Instance | No | Yes | Yes Support Auto-Scaling | No | No | Yes Authentication | Service Account | Serivce Account & Instance ID | ENHANCED
- For more infomation ? Contact oss@funny.systems
- Go 1.15 or higher.
cloudsql-proxy: https://github.com/GoogleCloudPlatform/cloudsql-proxy/tree/v1.19.0
- git clone https://github.com/Funny-Systems-OSS/cloudsql-proxy-hardening.git
- cd ./cloudsql-proxy-hardening
- go build -o ../cloud_sql_proxy_funny ./cmd/cloud_sql_proxy/
- ./cloud_sql_proxy_funny <-credential_file credential_file_path> [-use_plainfile]
- -credential_file:
The encrypted credential file be used to retrieve Service Account credential in cloud_sql_proxy_funny. - -use_plainfile:
Setting this flag will allow you to use plainfile.
- -credential_file:
- Act as classic cloud_sql_proxy if not in debug mode.