If you are a security engineer, or are otherwise responsible for the security of resources in the cloud, you know that encryption keys are essential for encrypting data at rest. For this purpose, Google launched Cloud KMS (Key Management Service). Cloud KMS is a managed service that lets users create, rotate, and handle encryption keys for Google Cloud services such as Cloud SQL databases and Compute Engine disks. With Cloud KMS, you can handle AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys.

In this lab, you will first learn the basic concepts of Cloud KMS. You will then create a Key Ring and a symmetric encryption key, and you will learn how to manually rotate and destroy an encryption key.
Upon completion of this lab you will be able to:
This lab is intended for:
Basic knowledge of encryption is a plus, but it's not required.
December 14th, 2021 - Updated the lab to reflect the latest console experience