Cloud EKM

Overview

• Cloud External Key Manager
• Keys from external key management partners
• Works only with services which support customer managed encryption keys (CMEKs), e.g.: BigQuery, Compute Engine, Cloud Run, Cloud Spanner, Cloud Storage, Kubernetes Engine, Pub/Sub, Secret Manager
• Benefits:
  • Key provenance
  • Keys never cached or stored in Google Cloud
  • Access control
  • Centralized key management