sup Platformers! blob waver our team was recently tasked with brokering short-lived credentials for devs to access their Google CloudSQL databases using Hashicorp Vault… we ended up open sourcing a database plugin that allows you to securely connect your Hashicorp Vault servers to CloudSQL instances — check out how and why we built it here! if you want to try it, check out the plugin on Github! 👉 https://github.com/expel-io/vault-plugin-database-cloudsql

@David Montoya Nice, We are using Cloud SQL Proxy and Google IAM authentication to allow access to developers. We used this solution from GCP team. Roles are mapped to Google directories and we wrote a utility CLI to easily select and internally create cloud sql proxy tunnel to the database without password based authentication. https://github.com/GoogleCloudPlatform/cloud-sql-iam-db-authn-groups