I’m trying to use vault to manage access to a GCP Cloud SQL instance. Cloud SQL uses a proxy to expose the DB to clients. It manages firewall rules and SSL on the db instance. But it does not provide SSL for the local connection.
When I try to configure vault to talk to the DB through the proxy:
error verifying connection: pq: SSL is not enabled on the server
I don’t see any options on the postgres config page or HTTP API page to disable SSL validation. Is that possible?
Ross
Vault is using the pq library (pq package - github.com/lib/pq - Go Packages). When you configure the connection_url you can disable sslmode.
Note: The PostgreSQL storage backend plugin will attempt to use SSL when connecting to the database. If SSL is not enabled the connection_url will need to be configured to disable SSL. See the documentation below to disable SSL. (PostgreSQL - Storage Backends - Configuration | Vault | HashiCorp Developer)
connection_url = "postgres://user:pass@localhost:5432/database?sslmode=disable"
It’s written in the docs. 
Thanks for the pointer. I expect that’ll work with the secrets engine as well. I’ll confirm on Monday and open a PR on the docs assuming it goes well.
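An added example, not part of the original thread and not Vault's or lib/pq's own code: a small Go check that parses a connection_url and accepts sslmode=disable only when the host is a loopback endpoint, as with the local Cloud SQL proxy described above. The helper names and the 10.0.0.5 sample address are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// isLoopback reports whether host is "localhost" or a loopback IP literal.
func isLoopback(host string) bool {
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// auditConnURL (hypothetical helper) returns "ok: ..." or "warn: ..." for a URL.
func auditConnURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "postgres" && u.Scheme != "postgresql" {
		return "", fmt.Errorf("not a postgres URL: scheme %q", u.Scheme)
	}
	mode := u.Query().Get("sslmode")
	if mode == "" {
		mode = "require" // lib/pq's default when sslmode is omitted
	}
	if mode != "disable" {
		return "ok: sslmode=" + mode, nil
	}
	if isLoopback(u.Hostname()) {
		return "ok: plaintext only to local endpoint " + u.Hostname(), nil
	}
	return "warn: sslmode=disable to non-local host " + u.Hostname(), nil
}

func main() {
	// Constructed samples; the first is the URL form shown in the thread.
	for _, raw := range []string{
		"postgres://user:pass@localhost:5432/database?sslmode=disable",
		"postgres://user:pass@10.0.0.5:5432/database?sslmode=disable",
	} {
		fmt.Println(auditConnURL(raw))
	}
}
```

A "warn" result means the database traffic, credentials included, would cross the network unencrypted rather than staying on the local hop to the proxy.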