June 2018
Intermediate to advanced
372 pages
8h 44m
English
Content preview from Google Cloud Platform for Architects
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Use case – using customer supplied encryption keys
Data in GCS buckets is always encrypted, in-flight and at-rest. If we do nothing at all, the encryption occurs using Google-supplied keys. These keys are created, managed, and rotated by Google, and we need not bother with data encryption at all. This is the first option, called Google Supplied Encryption Key (GSEK), which is the one most likely to work right out of the box. The keys are those associated with the respective users and governed by IAM:
Alternatively, a customer might want more control, and insist on Customer Supplied Encryption Key (CSEK). Here, the key resides on the customer's ...