by oomkiller 2927 days ago
Very nice. Now, maybe allow it to connect to a typical SQL database via Cloud SQL? It seems like the only hosted database you can use with this is Cloud Datastore, a proprietary NoSQL database.

Cool, this has previously been an issue. They haven't updated the docs I was looking at yet https://cloud.google.com/sql/docs/postgres/connect-app-engin...
(PM on the team) Good catch, I'm sending a pull request.
While you're here...

It's really unclear from this what the security best practice is for where to put the Cloud SQL password.

Do we just assume the password is public info and rely on IAM?

This discusses really clunky methods to use the legacy datastore or a bucket to store a password.

https://stackoverflow.com/questions/22669528/securely-storin...

Seems odd when competitors (Heroku, Beanstalk) have a special system for keeping environment variables with the password in.

At this point I believe Google has a deep aversion to storing secrets in environment variables. The best way I have found so far is to use Cloud KMS to encrypt the credentials and have the deploy process be able to fetch and decrypt them on the fly. Some folks also store that and other config in Datastore, although I think that's really clunky. You can also use Google Cloud KMS-backed HashiCorp Vault: https://cloud.google.com/solutions/using-vault-for-secret-ma...
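
The Cloud KMS approach described in the last comment, sketched as an added example (not code from the thread or from Google's documentation): the password is encrypted once, only the ciphertext travels with the app, and the deploy step decrypts it into a private temporary file that is removed afterwards. The key ring, key name and function names are assumptions; `gcloud kms encrypt` and `gcloud kms decrypt` are the real CLI commands.

```shell
#!/bin/sh
# Added example. Key ring and key names below are placeholders (assumptions).
KMS_LOCATION="${KMS_LOCATION:-global}"
KMS_KEYRING="${KMS_KEYRING:-app-secrets}"
KMS_KEY="${KMS_KEY:-cloudsql-password}"

# Run once by an operator: only the ciphertext is stored with the app source.
encrypt_secret() {  # encrypt_secret <plaintext-file> <ciphertext-file>
  gcloud kms encrypt \
    --location "$KMS_LOCATION" --keyring "$KMS_KEYRING" --key "$KMS_KEY" \
    --plaintext-file "$1" --ciphertext-file "$2"
}

# Run by the deploy identity, which needs decrypt permission on this key only.
# "-" sends the plaintext to stdout so it is never written beside the source.
decrypt_secret() {  # decrypt_secret <ciphertext-file>
  gcloud kms decrypt \
    --location "$KMS_LOCATION" --keyring "$KMS_KEYRING" --key "$KMS_KEY" \
    --ciphertext-file "$1" --plaintext-file -
}

# Decrypt into a private temp dir, run the deploy step with the plaintext
# file's path as its last argument, then delete the plaintext whether or
# not the step succeeded.
with_decrypted_secret() {  # with_decrypted_secret <ciphertext-file> <command...>
  _enc="$1"; shift
  [ -r "$_enc" ] || { echo "missing ciphertext: $_enc" >&2; return 1; }
  _dir="$(mktemp -d)" || return 1
  _rc=0
  if ( umask 077; decrypt_secret "$_enc" > "$_dir/secret" ); then
    "$@" "$_dir/secret" || _rc=$?
  else
    echo "KMS decrypt failed" >&2; _rc=1
  fi
  rm -rf "$_dir"
  return "$_rc"
}
```

Access to the password is then governed by IAM on the key rather than by who can read the app's configuration.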