By default all traffic in GCP is encrypted.
How does one capture traffic in logs (e.g. VPC Flow logs) if it is all encrypted?
GCP stores (logs) a copy of the raw traffic before encrypting it and sending it out. For VPC Flow logs as well as VM to VM Traffic.