Cloud KMS - bobbae/gcp GitHub Wiki

Cloud KMS

Cloud KMS is a cloud-hosted key management service that lets you manage symmetric and asymmetric cryptographic keys for your cloud services.

Cloud KMS Deep dive

https://cloud.google.com/security/key-management-deep-dive/

Quick start

https://cloud.google.com/kms/docs/quickstart

Encryption at rest

https://cloud.google.com/docs/security/encryption/default-encryption

Encryption in transit

https://cloud.google.com/docs/security/encryption-in-transit

Customer-supplied encryption keys

https://cloud.google.com/docs/security/encryption/customer-supplied-encryption-keys

Deep-dive

https://cloud.google.com/docs/security/key-management-deep-dive

ALTS

https://cloud.google.com/docs/security/encryption-in-transit/application-layer-transport-security

https://grpc.io/docs/languages/go/alts/

Cloud EKM

https://cloud.google.com/kms/docs/ekm

Key Access Justifications works with Cloud EKM to greatly advance the control you have over your data.

https://cloud.google.com/blog/products/identity-security/whats-new-with-cloud-ekm

Cloud trust paradox

https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less

Use EKM to resolve the Cloud trust paradox

https://cloud.google.com/blog/products/identity-security/how-cloud-ekm-can-help-resolve-the-cloud-trust-paradox/

Reference architectures for reliable deployment of Cloud EKM services

https://cloud.google.com/docs/security/reliable-ekm-architectures

Trust paradox

https://www.brighttalk.com/webcast/18598/455312/the-cloud-trust-paradox-trusting-cloud-computing-more-requires-trusting-it-less

Cloud HSM

Cloud HSM is a cloud-hosted Hardware Security Module (HSM) service that allows you to host encryption keys and perform cryptographic operations in a cluster of FIPS 140-2 Level 3 certified HSMs.

BeyondProd

https://cloud.google.com/docs/security/beyondprod

Examples

Using Cloud KMS

https://www.freecodecamp.org/news/securing-managing-secrets-using-google-cloud-kms-3fe08c69f499/

Encrypt password in transit and at rest using Cloud KMS

https://soumendra-mishra.medium.com/password-encryption-at-rest-and-in-transit-e284b7c1b76e