Cloud KMS
Definition
Cloud Key Management Service (Cloud KMS) is a managed service that allows users to create, manage, and use cryptographic keys on cloud platforms. It provides a secure way to encrypt and decrypt data, ensuring that sensitive information is protected both at rest and in transit. Cloud KMS integrates with other cloud services to facilitate seamless encryption and decryption operations, while also offering features like key rotation, access control, and audit logging to enhance security and compliance.
Secure Settings Example
resources:
- name: my-key-ring
type: google.cloud.kms.v1.KeyRing
properties:
location: "us-central1"
- name: my-crypto-key
type: google.cloud.kms.v1.CryptoKey
properties:
keyRing: "$(ref.my-key-ring.name)"
purpose: "ENCRYPT_DECRYPT"
rotationPeriod: "30d"
nextRotationTime: "2023-11-01T00:00:00Z"
versionTemplate:
algorithm: "GOOGLE_SYMMETRIC_ENCRYPTION"
Insecure Settings Example
resources:
- name: my-key-ring
type: google.cloud.kms.v1.KeyRing
properties:
location: "us-central1"
- name: my-crypto-key
type: google.cloud.kms.v1.CryptoKey
properties:
keyRing: "$(ref.my-key-ring.name)"
purpose: "ENCRYPT_DECRYPT"
# No key rotation policy defined, increasing risk of key compromise