Saturday, October 12, 2019

What is Google Key Management Service?



Cryptographic key management: Cloud KMS is a cloud-hosted key management service that lets you manage cryptographic keys for your cloud services the same way you do on-premises. You can generate, use, rotate, and destroy AES-256, RSA 2048, RSA 3072, RSA 4096, EC P-256, and EC P-384 keys. Symmetric and private key material is not exportable: callers send data to the Cloud KMS API to be encrypted, decrypted, or signed, so the IAM bindings on a key are its real access control. Cloud KMS is integrated with Cloud IAM and Cloud Audit Logging so that you can manage permissions on individual keys and monitor how they are used. Use Cloud KMS to protect secrets and other sensitive data that you need to store in Google Cloud Platform.

Scalable, automated, fast
Keep millions of cryptographic keys, choosing the granularity at which to encrypt your data (one key per tenant, per dataset, or per object). Set keys to rotate automatically on a schedule: each rotation creates a new primary key version that is used for new encryptions, while earlier versions remain available to decrypt the data they already protect, so rotation by itself re-encrypts nothing. Disabling or destroying an old version is what actually bounds the data reachable through any single version, so re-encrypt long-lived data under the current version before retiring the one that protects it. Keep as many active key versions as you need. Low latency keeps the API round trip cheap on your application's critical path.

Greater management over key use
Use Cloud IAM to grant permissions on individual keys (or whole key rings) to both individual users and service accounts. Keep the administrator role (roles/cloudkms.admin, which can create, rotate, and destroy keys) separate from the user role (roles/cloudkms.cryptoKeyEncrypterDecrypter, which can only use them), so that no single identity can both use a key and quietly retire it. View admin activity and key use logs with Cloud Audit Logging, using Cloud KMS as a central point to filter access to your most sensitive data. Admin Activity logs are recorded by default; Data Access logs, which record each encrypt, decrypt, and sign call, must be enabled explicitly. Monitor those logs to ensure proper use of your keys.

Easily encrypt and sign data
Cloud KMS gives you the flexibility to encrypt your data with either a symmetric or an asymmetric key that's under your control. Symmetric encryption and decryption are both API calls; with an asymmetric key you fetch the public key and encrypt locally, and only decryption goes to Cloud KMS. You can also perform signing operations with both RSA and elliptic curve keys of various lengths: you send the digest of the message to be signed, the private key never leaves the service, and verification needs only the public key.

Implement envelope encryption
Cloud KMS symmetric encryption accepts at most 64 KiB of plaintext per call, and every call is a network round trip, so bulk data is protected with envelope encryption. Implement a key hierarchy with a local data encryption key (DEK), protected by a key encryption key (KEK) in Cloud KMS: generate a fresh DEK locally, encrypt the data with it, send only the DEK to Cloud KMS to be encrypted under the KEK, store the wrapped DEK alongside the ciphertext, and discard the plaintext DEK. To read the data back, send the wrapped DEK to Cloud KMS for decryption and then decrypt locally. This lets you manage the keys used to encrypt your data at the application layer, whether the data is stored in your own storage systems, at Google, or anywhere else.
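The rotation and version-retirement behaviour described under "Scalable, automated, fast" and the DEK/KEK hierarchy above, as an added example that is not part of the original post or of Google's Cloud KMS client code. It assumes a local stand-in for the KEK: the CryptoKey type simulates a Cloud KMS key with several versions, and its Wrap/Unwrap methods stand in for the Cloud KMS Encrypt/Decrypt API calls (in a real deployment those would go through the Cloud KMS client and the KEK would never be in process). The Envelope layout, EnvelopeSeal/EnvelopeOpen, and the constructed record data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const nonceSize = 12 // the standard nonce length used by cipher.NewGCM
// CryptoKey is this example's local stand-in for a Cloud KMS key with versions:
// Wrap/Unwrap simulate the Cloud KMS Encrypt/Decrypt API calls with AES-256-GCM
// in process so the code runs offline; a real KEK never leaves the service.
type CryptoKey struct {
	versions []cipher.AEAD // versions[i] is key version i+1; nil once destroyed
	primary  int           // 1-based version used for new Wrap calls
}

func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)  // only 32-byte keys are used here; cannot fail
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing OS CSPRNG is not something to recover from
	}
	return b
}

// Rotate adds a fresh version and makes it primary. Older versions still Unwrap,
// so existing envelopes keep opening; rotation by itself re-encrypts nothing.
func (k *CryptoKey) Rotate() int {
	k.versions = append(k.versions, aesGCM(randomBytes(32)))
	k.primary = len(k.versions)
	return k.primary
}

// Destroy retires a version; every DEK wrapped under it becomes unrecoverable.
func (k *CryptoKey) Destroy(version int) error {
	if version < 1 || version > len(k.versions) || version == k.primary {
		return fmt.Errorf("version %d is unknown or still primary (rotate first)", version)
	}
	k.versions[version-1] = nil
	return nil
}

// Wrap encrypts a DEK under the primary version as version || nonce || ct+tag.
// The 4-byte version is also the GCM additional data, so it cannot be rewritten.
func (k *CryptoKey) Wrap(dek []byte) []byte {
	aead, nonce := k.versions[k.primary-1], randomBytes(nonceSize)
	hdr := binary.BigEndian.AppendUint32(nil, uint32(k.primary))
	return aead.Seal(append(hdr[:4:4], nonce...), nonce, dek, hdr) // copies hdr
}

// Unwrap recovers a DEK with whichever version wrapped it.
func (k *CryptoKey) Unwrap(wrapped []byte) ([]byte, error) {
	if len(wrapped) < 4+nonceSize+16 { // header, nonce and at least the GCM tag
		return nil, fmt.Errorf("wrapped DEK too short (%d bytes)", len(wrapped))
	}
	v := int(binary.BigEndian.Uint32(wrapped[:4]))
	if v < 1 || v > len(k.versions) || k.versions[v-1] == nil {
		return nil, fmt.Errorf("key version %d unknown or destroyed", v)
	}
	return k.versions[v-1].Open(nil, wrapped[4:4+nonceSize], wrapped[4+nonceSize:], wrapped[:4])
}

// Envelope is what the application persists: ciphertext plus its wrapped DEK.
type Envelope struct{ WrappedDEK, Nonce, Ciphertext []byte }

// EnvelopeSeal encrypts plaintext locally under a fresh one-time DEK and wraps that
// DEK with the KEK; aad (e.g. the record name) is bound in so envelopes cannot be swapped.
func EnvelopeSeal(kek *CryptoKey, plaintext, aad []byte) *Envelope {
	dek := randomBytes(32)
	aead, nonce := aesGCM(dek), randomBytes(nonceSize)
	return &Envelope{WrappedDEK: kek.Wrap(dek), Nonce: nonce,
		Ciphertext: aead.Seal(nil, nonce, plaintext, aad)}
}

// EnvelopeOpen unwraps the DEK via the KEK (one API call in real Cloud KMS), then decrypts locally.
func EnvelopeOpen(kek *CryptoKey, env *Envelope, aad []byte) ([]byte, error) {
	dek, err := kek.Unwrap(env.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return aesGCM(dek).Open(nil, env.Nonce, env.Ciphertext, aad)
}

func main() {
	kek := &CryptoKey{}
	kek.Rotate()
	env := EnvelopeSeal(kek, []byte("customer record"), []byte("records/1")) // constructed sample data
	kek.Rotate() // version 2 is now primary; the version-1 envelope still opens
	pt, err := EnvelopeOpen(kek, env, []byte("records/1"))
	fmt.Printf("KEK v%d: %q err=%v\n", binary.BigEndian.Uint32(env.WrappedDEK[:4]), pt, err)
}
```

Binding the version header as GCM additional data means a wrapped DEK cannot be quietly re-pointed at another version, and destroying version 1 makes every envelope wrapped under it permanently unreadable while version-2 envelopes are unaffected, which is the blast-radius property that rotation plus retirement gives you. Production code should additionally zero the plaintext DEK after use and record the full Cloud KMS key version resource name rather than a small integer.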

Help satisfy compliance needs
With Cloud KMS, you can manage the encryption keys used to protect sensitive data residing across GCP with customer-managed encryption keys (CMEK). For compliance mandates requiring that keys and cryptographic operations stay within a hardware environment, the Cloud KMS integration with Cloud HSM makes it simple to create a key whose material is generated and used only inside a FIPS 140-2 Level 3 validated device, while you keep using the same API and IAM model.


References:
https://cloud.google.com/kms/
