-
If you haven't already, set up a Python Development Environment by following the python setup guide and create a project.
-
Create a 2nd Gen Cloud SQL Instance by following these instructions. Note the connection string, database user, and database password that you create.
-
Create a database for your application by following these instructions. Note the database name.
-
Create a KMS key for your application by following these instructions. Copy the resource name of your created key.
-
Grant an IAM user or service account the 'Cloud SQL Client' permissions by following these instructions.
-
macOS / Windows only: Configure gRPC Root Certificates: On some platforms you may need to accept the Google server certificates, see instructions for setting up root certs.
Set up Application Default Credentials (ADC) for local development (using the
IAM user or service account who was granted the Cloud SQL Client role) by
following these instructions.
To run this application locally, download and install the cloud-sql-proxy by
following the instructions here.
Instructions are provided below for using the proxy with a TCP connection or a Unix Domain Socket.
To run the sample locally with a TCP connection, set environment variables and launch the proxy as shown below.
Use these terminal commands to initialize environment variables:
export DB_HOST='127.0.0.1:5432'
export DB_USER='<DB_USER_NAME>'
export DB_PASS='<DB_PASSWORD>'
export DB_NAME='<DB_NAME>'
export GCP_KMS_URI='<GCP_KMS_URI>'Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.
Then use this command to launch the proxy in the background:
./cloud-sql-proxy --port 5432 <project-id>:<region>:<instance-name> &Note: if you are running a local Postgres server, you will need to turn it off before running the command above or use a different port.
Use these PowerShell commands to initialize environment variables:
$env:DB_HOST="127.0.0.1:5432"
$env:DB_USER="<DB_USER_NAME>"
$env:DB_PASS="<DB_PASSWORD>"
$env:DB_NAME="<DB_NAME>"
$env:GCP_KMS_URI='<GCP_KMS_URI>'Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.
Then use this command to launch the proxy in a separate PowerShell session:
Start-Process -filepath "C:\<path to cloud-sql-proxy.exe>" -ArgumentList "--port 5432 <project-id>:<region>:<instance-name>"Note: if you are running a local Postgres server, you will need to turn it off before running the command above or use a different port.
Note
The Proxy supports Unix domain sockets on recent versions of Windows, but replaces colons with periods:
# Starts a Unix domain socket at the path:
# C:\cloudsql\my-project.my-region.my-instance
./cloud-sql-proxy.exe --unix-socket C:\cloudsql my-project:my-region:my-instanceTo use a Unix socket, you'll need to create a directory for the sockets and initialize an environment variable containing the directory you just created. For example:
export DB_SOCKET_DIR=$(mktemp -d cloudsql)Use these terminal commands to initialize other environment variables as well:
export INSTANCE_CONNECTION_NAME='<MY-PROJECT>:<INSTANCE-REGION>:<INSTANCE-NAME>'
export DB_USER='<DB_USER_NAME>'
export DB_PASS='<DB_PASSWORD>'
export DB_NAME='<DB_NAME>'
export GCP_KMS_URI='<GCP_KMS_URI>'Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as Secret Manager to help keep secrets safe.
Then use this command to launch the proxy in the background:
./cloud-sql-proxy --unix-socket $DB_SOCKET_DIR $INSTANCE_CONNECTION_NAME &Next, setup install the requirements into a virtual environment:
virtualenv --python python3 env
source env/bin/activate
pip install -r requirements.txtAdd new votes:
python snippets/encrypt_and_insert_data.py View the collected votes:
python snippets/query_and_decrypt_data.py