Optional. Certificate Authority (CA) source. Only CA_SOURCE_MANAGED is supported currently, and is the default value.
SslMode
SSL mode options.
Enums
SSL_MODE_UNSPECIFIED
SSL mode is not specified. Defaults to ENCRYPTED_ONLY.
SSL_MODE_ALLOW
SSL connections are optional. CA verification not enforced.
SSL_MODE_REQUIRE
SSL connections are required. CA verification not enforced. Clients may use locally self-signed certificates (default psql client behavior).
SSL_MODE_VERIFY_CA
SSL connections are required. CA verification enforced. Clients must have certificates signed by a Cluster CA, for example, using GenerateClientCertificate.
ALLOW_UNENCRYPTED_AND_ENCRYPTED
SSL connections are optional. CA verification not enforced.
ENCRYPTED_ONLY
SSL connections are required. CA verification not enforced.
CaSource
Certificate Authority (CA) source for SSL/TLS certificates.
Enums
CA_SOURCE_UNSPECIFIED
Certificate Authority (CA) source not specified. Defaults to CA_SOURCE_MANAGED.
CA_SOURCE_MANAGED
Certificate Authority (CA) managed by the AlloyDB Cluster.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-15 UTC."],[[["\u003cp\u003e\u003ccode\u003esslMode\u003c/code\u003e defines the desired SSL/TLS connection behavior between client and server, with options ranging from optional to required encryption.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003ecaSource\u003c/code\u003e specifies the origin of the Certificate Authority (CA) and currently only supports \u003ccode\u003eCA_SOURCE_MANAGED\u003c/code\u003e, indicating that the CA is managed by the AlloyDB Cluster.\u003c/p\u003e\n"],["\u003cp\u003eThe available \u003ccode\u003esslMode\u003c/code\u003e options include \u003ccode\u003eSSL_MODE_UNSPECIFIED\u003c/code\u003e, \u003ccode\u003eSSL_MODE_ALLOW\u003c/code\u003e, \u003ccode\u003eSSL_MODE_REQUIRE\u003c/code\u003e, \u003ccode\u003eSSL_MODE_VERIFY_CA\u003c/code\u003e, \u003ccode\u003eALLOW_UNENCRYPTED_AND_ENCRYPTED\u003c/code\u003e, and \u003ccode\u003eENCRYPTED_ONLY\u003c/code\u003e, although some are deprecated.\u003c/p\u003e\n"],["\u003cp\u003eThe available \u003ccode\u003ecaSource\u003c/code\u003e enums are \u003ccode\u003eCA_SOURCE_UNSPECIFIED\u003c/code\u003e and \u003ccode\u003eCA_SOURCE_MANAGED\u003c/code\u003e, with the latter being the only currently supported and default option.\u003c/p\u003e\n"]]],[],null,["# SslConfig\n\nSSL configuration.\n\nSslMode\n-------\n\nSSL mode options.\n\nCaSource\n--------\n\nCertificate Authority (CA) source for SSL/TLS certificates."]]
