My PHP app is on a DigitalOcean droplet while my MySQL 8.0 database is on Google Cloud SQL.
I was testing for a while on localhost and hence gave 0.0.0.0/0, but now I don't want any server other than my droplet to connect to the Google Cloud SQL instance.
Can I now safely remove 0.0.0.0/0 ?
yes it should be safe, and is actually recommended to remove 0.0.0.0/0
from the allowlist.
Once this is removed you will still be able to connect from external IPs not in the whitelist using either the CloudSQL auth proxy or with SSL/TLS certificates