hands-on lab

Managing Encryption Keys With Google Cloud KMS

Difficulty: Intermediate

Duration: Up to 1 hour

Students: 1,406

Rating: 4.9/5

Start lab

On average, students complete this lab in20m

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.

Learn and validateUse validations to check your solutions every step of the way.

See resultsTrack your knowledge and monitor your progress.

About

Author

Description

If you are a security engineer or if you are responsible for the security of the resources in the cloud, you know that encryption keys are essential for encrypting data at REST. For this purpose, Google launched Cloud KMS (Key Management Service). Cloud KMS is a managed service that lets users create, rotate, and handle encryption keys for Google Cloud services such as Cloud SQL databases and Compute Engine disks. By using Cloud KMS, you can handle AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys. In this lab, you will first learn the basic concepts of Cloud KMS, and you will create a Key Ring, a symmetric encryption key and you will understand how to manually rotate and destroy an encryption key.

Learning Objectives

Upon completion of this lab you will be able to:

Understand the core concepts of Cloud KMS
Define a Key Ring
Create symmetric encryption keys
Manually rotate an encryption key
Destroy and encryption key

Intended Audience

This lab is intended for:

Google Cloud Professional Security Engineer (PSE) certification candidates
Security Engineers who want to handle encryption at REST on Google Cloud
Individuals who want to better understand how to handle encryption keys on Google Cloud