Eno Compton

Also, we should port this to AlloyDB Auth Proxy as well.

Cf. https://cloud.google.com/artifact-analysis/docs/os-scanning-on-demand

Making this a feature request since this comes up now and then. Until we document this properly, try the approach shown here: https://github.com/GoogleCloudPlatform/cloud-sql-proxy/issues/1989#issuecomment-1764900574.

Note that's using Workload Identify Federation [1], but if you want to use a credential file, the approach is comparable. [1]: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions

Have you looked at the Proxy's logs at all to confirm it's working as intended?

Thanks for the request. I think this is as simple as running the following command for all our existing architecture / OS combinations: ``` # CGO might be required CGO_ENABLED=1...

We're going to hold off on this since boringcrypto doesn't currently support TLS 1.3.

How are you connecting to the Proxy in the container?

FWIW I do this: ``` docker run --rm -p 5432:5432 gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.8.1 \ --address 0.0.0.0 \ --run-connection-test --token $(gcloud auth print-access-token) ``` And then connect with psql from my host machine....

How often do you see this timeout error? Also I assume you're connecting to public IP?