Key management service

Cloud KMS is a hosted KMS that lets you manage your encryption keys in the cloud. You can create/generate, rotate, use, and destroy AES256 encryption keys just like you would in your on-premises environments. You can also use the cloud KMS REST API to encrypt and decrypt data. Before we explore Cloud KMS, we need to understand the object hierarchy structure. Let's briefly go over the object hierarchy and then explore Cloud KMS on the GCP console.

To enhance access control management, Cloud KMS stores keys in a hierarchical structure. There are different levels in the hierarchical structure:

  1. Project: Like every other GCP resource, Cloud KMS resources belong to a project. All primitive IAM roles that are applied to a ...

Get Google Cloud Platform Administration now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.