Archives for Cloud KMS
Google Cloud KMS FAQ
What is Envelope Encryption? Cloud KMS generates a key called the KEK (key encrypting key). This key DOES NOT encrypt your payload data. It just encrypts the key that is…
GCP KMS Basics
This content is password protected. To view it please enter your password below: Password:
KMS Keys in a Single Project or Multiple Projects?
Also read KMS - Auditing Key Activity and KMS - Monitoring and Alerting Storing all KMS Keys in a single project has some advantages. One can tightly place IAM controls…
KMS Auditing Key Activity
Which KMS Activities are not LOGGED by default? (Also read KMS Monitoring and Alerting ) IMonitoring administrative activities vs. data access activities: All administrative KMS activities are logged by default. For…
GCP KMS Monitoring and Alerting
KMS Monitoring Example Use the gcloud logging metrics create command to create a counter metric that will monitor any occurrence of the scheduled destruction of a key version. gcloud logging…