If you are a security engineer or if you are responsible for the security of the resources in the cloud, you know that encryption keys are essential for encrypting data at REST. For this purpose, Google launched Cloud KMS (Key Management Service). Cloud KMS is a managed service that lets users create, rotate, and handle encryption keys for Google Cloud services such as Cloud SQL databases and Compute Engine disks. By using Cloud KMS, you can handle AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys. In this lab, you will first learn the basic concepts of Cloud KMS, and you will create a Key Ring, a symmetric encryption key and you will understand how to manually rotate and destroy an encryption key.
Learning Objectives
Upon completion of this lab you will be able to:
- Understand the core concepts of Cloud KMS
- Define a Key Ring
- Create symmetric encryption keys
- Manually rotate an encryption key
- Destroy and encryption key
Intended Audience
This lab is intended for:
- Google Cloud Professional Security Engineer (PSE) certification candidates
- Security Engineers who want to handle encryption at REST on Google Cloud
- Individuals who want to better understand how to handle encryption keys on Google Cloud
Prerequisites
Basic knowledge of encryption is a plus, but it's not required.
Updates
December 14th, 2021 - Update the lab to reflect the latest console experience
Environment before
Environment after
Stefano studies Computer Science and is passionate about technology. He loves working with Cloud services and learning all the best practices for them. Google Cloud Platform and Amazon Web Services are the cloud providers he prefers. He is a Google Cloud Certified Associate Cloud Engineer. Node.js is the programming language he always uses to code. When he's not involved in studying or working, Stefano loves riding his motorbike and exploring new places.