Sign in into the **Google Cloud Platform**

Type "**Cloud Storage"** in the search bar and click on the **Cloud Storage** option

**What is Cloud Storage?**\
\
In Google Cloud Platform (GCP), **Cloud Storage** is a service that provides scalable and secure object storage for unstructured data. It allows you to store, retrieve, and manage data like images, videos, backups, and other large files. GCP Cloud Storage offers different storage classes (e.g., Standard, Nearline, Coldline, and Archive) to optimize cost and performance based on data access patterns. It also includes features like automatic redundancy, versioning, and integration with other GCP services.

**Buckets** wizard will open, click on the **CREATE** button

**Create a bucket** wizard will open, give the Bucket Name as - "**my-first-bucket-in28minutes-3**"

**Refer to this guide to learn how to configure the next steps for creating Cloud Storage**<https://scribehow.com/shared/Playing_with_Object_Storage_in_GCP__Cloud_Storage__nEbsQl7pQ02uoOi7v9IeZA>

On the **Bucket** wizard, scroll and click on the **DATA ENCRYPTION** dropdown section

Select the option **Google-managed encryption key**

**What is Google-managed encryption key?**\
\
A Google-managed encryption key is an encryption key that is automatically created, managed, and maintained by Google Cloud to secure your data. With this type of key, Google handles all aspects of encryption, including key rotation, storage, and access control, ensuring that your data is encrypted at rest without requiring you to manage the encryption process yourself.

You can also select the option **Cloud KMS key**

**What is Cloud KMS key?**\
\
A Cloud KMS key (Key Management Service key) is a cryptographic key managed by Google Cloud's Key Management Service (KMS). It allows you to create, manage, and use encryption keys to secure your data stored in Google Cloud services. With Cloud KMS, you have more control over key generation, usage, and lifecycle management, including the ability to rotate keys, set access controls, and audit key usage. This is particularly useful for organizations that require a higher level of security and compliance.

Select the **Cloud KMS** from the **Cloud type** dropdown and select a customer-managed key from the dropdown

**What is Cloud KMS?**\
\
**Cloud KMS (Key Management Service)** is a Google Cloud service that allows you to create, manage, and use cryptographic keys for data encryption and decryption across Google Cloud services and applications. Cloud KMS supports symmetric and asymmetric keys, enabling you to securely manage sensitive information such as passwords, API keys, or encryption keys. It provides features like key rotation, granular access control, and audit logging, helping you maintain security and compliance with industry standards.

Congratulations! on completing this lab and Encrypting Cloud Storage Data using Cloud KMS

Google Cloud

This guide provides essential steps to securely encrypt data stored in cloud services using Cloud KMS, ensuring that your sensitive information is protected from unauthorized access.

Encrypting Cloud Storage Data - Cloud KMS