31 Oct 2020
In this article, we take a closer look at Google’s Cloud Key Management Service (Cloud KMS). When users store data in Google Cloud, the data is automatically encrypted at rest. We use Cloud KMS to gain better control over managing the encrypted data at rest and the encryption keys.
Source and control of cryptographic keys
Cryptographic keys in Cloud KMS
Key metadata: Resource names, properties of KMS resources such as IAM policies, key type, key size, key state, and any data derived from the above. Key metadata can be managed differently than the key material.
Cloud KMS platform overview
The Cloud KMS platform provides two backends (excluding Cloud EKM), which are exposed in the Cloud KMS API as
Google Cloud supports CMEK for several services, including
CMEK lets users use the Cloud KMS platform to manage the encryption keys that these services use to help protect their data.