Optional. Certificate Authority (CA) source. Only CA_SOURCE_MANAGED is supported currently, and is the default value.
SslMode
SSL mode options.
Enums
SSL_MODE_UNSPECIFIED
SSL mode is not specified. Defaults to ENCRYPTED_ONLY.
SSL_MODE_ALLOW
SSL connections are optional. CA verification not enforced.
SSL_MODE_REQUIRE
SSL connections are required. CA verification not enforced. Clients may use locally self-signed certificates (default psql client behavior).
SSL_MODE_VERIFY_CA
SSL connections are required. CA verification enforced. Clients must have certificates signed by a Cluster CA, for example, using GenerateClientCertificate.
ALLOW_UNENCRYPTED_AND_ENCRYPTED
SSL connections are optional. CA verification not enforced.
ENCRYPTED_ONLY
SSL connections are required. CA verification not enforced.
CaSource
Certificate Authority (CA) source for SSL/TLS certificates.
Enums
CA_SOURCE_UNSPECIFIED
Certificate Authority (CA) source not specified. Defaults to CA_SOURCE_MANAGED.
CA_SOURCE_MANAGED
Certificate Authority (CA) managed by the AlloyDB Cluster.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-15 UTC."],[[["\u003cp\u003e\u003ccode\u003esslMode\u003c/code\u003e defines the desired SSL/TLS connection behavior between client and server, with options ranging from allowing unencrypted connections to requiring and enforcing CA verification.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003ecaSource\u003c/code\u003e specifies the origin of the Certificate Authority (CA) for SSL/TLS certificates, and currently, only the \u003ccode\u003eCA_SOURCE_MANAGED\u003c/code\u003e option, where the CA is managed by the AlloyDB Cluster, is supported.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003esslMode\u003c/code\u003e field offers options such as \u003ccode\u003eALLOW_UNENCRYPTED_AND_ENCRYPTED\u003c/code\u003e for optional SSL, and \u003ccode\u003eENCRYPTED_ONLY\u003c/code\u003e for required SSL connections without enforced CA verification.\u003c/p\u003e\n"],["\u003cp\u003eSeveral \u003ccode\u003eSslMode\u003c/code\u003e options like \u003ccode\u003eSSL_MODE_ALLOW\u003c/code\u003e, \u003ccode\u003eSSL_MODE_REQUIRE\u003c/code\u003e, and \u003ccode\u003eSSL_MODE_VERIFY_CA\u003c/code\u003e are deprecated.\u003c/p\u003e\n"],["\u003cp\u003eThe default settings for \u003ccode\u003esslMode\u003c/code\u003e is \u003ccode\u003eENCRYPTED_ONLY\u003c/code\u003e if not specified, and the default \u003ccode\u003ecaSource\u003c/code\u003e setting is \u003ccode\u003eCA_SOURCE_MANAGED\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]