Cloud KMS is a hosted KMS that lets you manage your encryption keys in the cloud. You can create/generate, rotate, use, and destroy AES256 encryption keys just like you would in your on-premises environments. You can also use the cloud KMS REST API to encrypt and decrypt data. Before we explore Cloud KMS, we need to understand the object hierarchy structure. Let's briefly go over the object hierarchy and then explore Cloud KMS on the GCP console.
To enhance access control management, Cloud KMS stores keys in a hierarchical structure. There are different levels in the hierarchical structure:
- Project: Like every other GCP resource, Cloud KMS resources belong to a project. All primitive IAM roles that are applied to a ...