> ## Documentation Index
> Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Add a Cloud SQL Instance

Opal lets your developers find and request access to GCP Cloud SQL instances. Use the following steps to add SQL instances to your Opal dashboard.

## 1. Enable the Cloud SQL Admin API

Opal requires the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com) to list and manage Cloud SQL instances. You must enable this API in **both**:

* The project where the Opal service account lives
* Every project that contains Cloud SQL instances you want to manage

To enable the API:

1. Visit the [Cloud SQL Admin API page](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com).
2. Use the project selector in the top navigation bar to select the correct project.
3. Click **Enable**.
4. Repeat these steps for every project that has Cloud SQL instances you want to surface in Opal.

## 2. Go to SQL in GCP

Access the [SQL browser using this link](https://console.cloud.google.com/sql/instances) or find it by navigating to SQL in the search bar.

## 3. Configure your SQL instance

Select your instance and click **Edit**.

* Under **Customize your instance**, click **Flags**.
* Click **Add Flag**.
* Select cloudsql.iam\_authentication.
* Click **Done**.

<img src="https://mintcdn.com/opalsecurity/TlQj9FwRe9HHNEYB/images/docs/122ebe7-SQL_1.png?fit=max&auto=format&n=TlQj9FwRe9HHNEYB&q=85&s=29b0aed3e3c44e6dbf4ab14343254e8e" alt="" width="1118" height="890" data-path="images/docs/122ebe7-SQL_1.png" />

Opal only adds resources for SQL instances that you label with `opal`.

* Scroll down to **Labels **and add the opal label.
* Click **Done**.
* Click **Save**

<img src="https://mintcdn.com/opalsecurity/fu-nWazMe1LxLhxi/images/docs/2a59b02-SQL_2.png?fit=max&auto=format&n=fu-nWazMe1LxLhxi&q=85&s=44f310c2d87409e59738d8ab6ed84280" alt="" width="1078" height="826" data-path="images/docs/2a59b02-SQL_2.png" />

## Access a SQL instance in Opal

If you successfully labeled your SQL instance in GCP, the new SQL resource shows in the **Resources** tab.

<img src="https://mintcdn.com/opalsecurity/fu-nWazMe1LxLhxi/images/docs/221fe4965775b1c1b627d7b551a651e516afb1a82db2d0f6a835290cb255ca49-gcp-cloud-sql.png?fit=max&auto=format&n=fu-nWazMe1LxLhxi&q=85&s=d7a5188e75d898e7f666ca9626dd5d2e" alt="2312" width="2508" height="1557" data-path="images/docs/221fe4965775b1c1b627d7b551a651e516afb1a82db2d0f6a835290cb255ca49-gcp-cloud-sql.png" />

Access to this instance is granted to the GCP user that matches your email address.

Opal [adds IAM users](https://cloud.google.com/sql/docs/mysql/add-manage-iam-users#creating-a-database-user) to the Cloud SQL instance, so users can log in, but by default accounts do **not** have any database privileges. Use the [Google guide](https://cloud.google.com/sql/docs/mysql/add-manage-iam-users#grant-db-privileges) to learn how to grant users database privileges.

***