Cloud KMS - bobbae/gcp GitHub Wiki
Cloud KMS
Cloud KMS is a cloud-hosted key management service that lets you manage symmetric and asymmetric cryptographic keys for your cloud services.
Cloud KMS Deep dive
https://cloud.google.com/security/key-management-deep-dive/
Quick start
https://cloud.google.com/kms/docs/quickstart
Encryption at rest
https://cloud.google.com/docs/security/encryption/default-encryption
Encryption in transit
https://cloud.google.com/docs/security/encryption-in-transit
Customer-supplied encryption keys
https://cloud.google.com/docs/security/encryption/customer-supplied-encryption-keys
Deep-dive
https://cloud.google.com/docs/security/key-management-deep-dive
ALTS
https://cloud.google.com/docs/security/encryption-in-transit/application-layer-transport-security
https://grpc.io/docs/languages/go/alts/
Cloud EKM
https://cloud.google.com/kms/docs/ekm
Key Access Justifications works with Cloud EKM to greatly advance the control you have over your data.
https://cloud.google.com/blog/products/identity-security/whats-new-with-cloud-ekm
Cloud trust paradox
Use EKM to resolve the cloud trust paradox
Reference architectures for reliable deployment of Cloud EKM services
https://cloud.google.com/docs/security/reliable-ekm-architectures
Trust paradox
Cloud HSM
Cloud HSM is a cloud-hosted Hardware Security Module (HSM) service that allows you to host encryption keys and perform cryptographic operations in a cluster of FIPS 140-2 Level 3 certified HSMs.
BeyondProd
https://cloud.google.com/docs/security/beyondprod
Examples
Using Cloud KMS
https://www.freecodecamp.org/news/securing-managing-secrets-using-google-cloud-kms-3fe08c69f499/
Encrypt password in transit and at rest using Cloud KMS
https://soumendra-mishra.medium.com/password-encryption-at-rest-and-in-transit-e284b7c1b76e