Google Cloud Key Management
- The Google Cloud Key Management Service (KMS) is a cloud-hosted key management service that enables you to manage encryption keys on the Google Cloud Platform.
- Lets you manage your symmetric and asymmetric cryptographic keys the same way you manage them in an on-premises environment.
- You can decide to use the keys generated by Cloud KMS with other Google Cloud services. These keys are known as customer-managed encryption keys (CMEK).
- Can use external KMS to protect your data in Google Cloud and separate data from key.
- You can generate a new key version for your symmetric keys automatically at a fixed time interval when you set a rotation schedule for your keys.
- Encrypt Kubernetes secrets in GKE with keys you manage in Cloud KMS. Moreover, you can store API keys, passwords, certificates, and other sensitive information with the Secret Manager storage system.
- Cloud KMS pricing is based on:
- the number of active key versions
- the protection level on the key versions
- usage rate for key operations.