gcloud sql users set-password-policy

NAME
gcloud sql users set-password-policy - replaces a user's password policy in a given instance
SYNOPSIS
gcloud sql users set-password-policyUSERNAME--instance=INSTANCE,-iINSTANCE[--async][--clear-password-policy][--host=HOST][--password-policy-allowed-failed-attempts=PASSWORD_POLICY_ALLOWED_FAILED_ATTEMPTS][--[no-]password-policy-enable-failed-attempts-check][--[no-]password-policy-enable-password-verification][--password-policy-password-expiration-duration=PASSWORD_POLICY_PASSWORD_EXPIRATION_DURATION][GCLOUD_WIDE_FLAG]
DESCRIPTION
Replaces a user's password policy in a given instance with a specified usernameand host.
EXAMPLES
To replace the password policy with 2 minutes password expiration time formy-user in instanceprod-instance, run:
gcloudsqlusersset-password-policymy-user--instance=prod-instance--password-policy-password-expiration-duration=2m

To clear the existing password policy ofmy-user in instanceprod-instance, run:

gcloudsqlusersset-password-policymy-user--instance=prod-instance--clear-password-policy
POSITIONAL ARGUMENTS
USERNAME
Cloud SQL username.
REQUIRED FLAGS
--instance=INSTANCE,-iINSTANCE
Cloud SQL instance ID.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to complete.
--clear-password-policy
Clear the existing password policy. This flag is only available for Postgres.
--host=HOST
Cloud SQL user's hostname expressed as a specific IP address or address range.% denotes an unrestricted hostname. Applicable flag for MySQLinstances; ignored for all other engines. Note, if you connect to your instanceusing IP addresses, you must add your client IP address as an authorizedaddress, even if your hostname is unrestricted. For more information, seeConfigure IP.
--password-policy-allowed-failed-attempts=PASSWORD_POLICY_ALLOWED_FAILED_ATTEMPTS
Number of failed login attempts allowed before a user is locked out.
--[no-]password-policy-enable-failed-attempts-check
Enables the failed login attempts check if set to true. Use--password-policy-enable-failed-attempts-check to enable and--no-password-policy-enable-failed-attempts-check to disable.
--[no-]password-policy-enable-password-verification
The current password must be specified when altering the password. Use--password-policy-enable-password-verification to enable and--no-password-policy-enable-password-verification to disable.
--password-policy-password-expiration-duration=PASSWORD_POLICY_PASSWORD_EXPIRATION_DURATION
Expiration duration after a password is updated, for example, 2d for 2 days. Seegcloud topicdatetimes for information on duration formats.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
These variants are also available:
gcloudalphasqlusersset-password-policy
gcloudbetasqlusersset-password-policy

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-20 UTC.