@David Montoya Nice, We are using Cloud SQL Proxy and Google IAM authentication to allow access to developers. We used this solution from GCP team. Roles are mapped to Google directories and we wrote a utility CLI to easily select and internally create cloud sql proxy tunnel to the database without password based authentication.
https://github.com/GoogleCloudPlatform/cloud-sql-iam-db-authn-groups