diff --git a/config/sql/config.go b/config/sql/config.go
index 9981854a..cc687888 100644
--- a/config/sql/config.go
+++ b/config/sql/config.go
@@ -21,6 +21,8 @@ const (
 
 	CloudSQLSecretConnectionName = "connectionName"
 
+	CloudSQLUserName = "userName"
+
 	PrivateIPKey = "privateIP"
 	PublicIPKey  = "publicIP"
 )
@@ -149,6 +151,16 @@ func Configure(p *config.Provider) { //nolint:gocyclo
 			Type: "DatabaseInstance",
 		}
 
+		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]interface{}) (map[string][]byte, error) {
+			conn := map[string][]byte{}
+			// reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user#argument-reference
+			// map the Terraform attribute name to the Provider's connection details attribute name
+			if a, ok := attr["name"].(string); ok {
+				conn[CloudSQLUserName] = []byte(a)
+			}
+			return conn, nil
+		}
+
 		r.UseAsync = true
 	})
 	p.AddResourceConfigurator("google_sql_ssl_cert", func(r *config.Resource) {
diff --git a/examples/sql/user.yaml b/examples/sql/user.yaml
index 51390cd1..8abc102d 100644
--- a/examples/sql/user.yaml
+++ b/examples/sql/user.yaml
@@ -18,3 +18,6 @@ spec:
       key: password
     instanceRef:
       name: example-instance
+  writeConnectionSecretToRef:
+    name: example-sql-user-secret
+    namespace: crossplane-system