Playing with Cloud KMS | Scribe


    Hafeez Baig | 24 steps | 2 minutes
    1
    Sign in to the **Google Cloud Console**
    2
    Type "**Key Management**" in the search bar and click on the **Key Management** option
    3
    The **Cloud Key Management Service (KMS) API** page will open; click on the **ENABLE** button
    **What is the Cloud Key Management Service (KMS) API?**
    The **Cloud Key Management Service (KMS) API** in Google Cloud Platform (GCP) is the managed service that lets you create, use, rotate and destroy cryptographic keys. Enabling the API in a project is required before any key ring or key can be created there. Keys are stored and used inside the service: callers send data to KMS for encryption, decryption or signing and receive the result, but never the key material itself. Other GCP services integrate with it, for example to encrypt their data at rest with customer-managed keys.
    4
    Click on the **Key Management** from the left bar
    **What is Key Management?**
    In Google Cloud Platform (GCP), Key Management refers to using **Cloud Key Management Service (Cloud KMS)** to manage the cryptographic keys your applications and services rely on. Cloud KMS lets you create, import and manage keys in one centralized service, control who may use each key through IAM, and audit every use of a key through Cloud Audit Logs. It integrates with other GCP services as the source of customer-managed encryption keys (CMEK) for data at rest. Cloud KMS supports several key purposes (symmetric encryption, asymmetric signing and decryption, MAC) and protection levels, so you can match the key to the sensitivity of the data and to your compliance requirements.
    5
    The **Key Management** page will open; click on the **KEY RINGS** tab
    **What are KEY RINGS?**
    In Google Cloud Key Management Service (KMS), **Key Rings** are containers for organizing cryptographic keys. They are a grouping mechanism: an IAM policy set on a key ring is inherited by every key in it, which is the usual way to grant a team or workload access to a related set of keys. Rotation schedules and other lifecycle settings are configured on each key, not on the ring. Each key ring can contain many keys, and all keys in a ring share the ring's location. A key ring cannot be renamed, moved or deleted once created, so choose the name and location deliberately.
    6
    Click on the **CREATE KEY RING** button
    7
    Scroll to the **Key ring name** section and give the name as - "**my-first-key-ring**"
    8
    Scroll to the **Location type** section, select the option **Multi-region**, then select the multi-region itself (for example **us**) and click on the **CREATE** button
    **What is Location type: Multi-region?**
    In Google Cloud, the **Location type: Multi-region** refers to a geographic area that spans several regions within a continent. When you choose a multi-region location for a Cloud KMS key ring, the key material is replicated across the regions in that area, so the keys stay available even if one region has an outage. Examples of multi-regions include `us` (United States), `eu` (Europe) and `asia` (Asia); the other location types are a single **Region** and the special `global` location. Most CMEK integrations require the key's location to match that of the resource it protects, so pick the location where the data you intend to encrypt lives.
    9
    The **Create key** wizard will open; give the Key name as - "**my-first-key**"
    10
    Scroll to the **Protection Level** section and select the option **Software**
    **What is Protection level: Software?**
    In Google Cloud Key Management Service (KMS), **Protection level: Software** means that cryptographic operations such as encryption and decryption are performed by a software module inside KMS (validated to FIPS 140-2 Level 1) rather than inside a dedicated hardware security module. The key material is still stored and managed only by KMS and is never returned to callers. The alternatives are **HSM**, where keys are generated and used inside FIPS 140-2 Level 3 validated HSMs, and **External**, where the key lives in an external key manager outside Google Cloud. Software keys are the lower-cost choice when hardware-backed keys are not a compliance requirement.
    11
    Click on the **CONTINUE** button
    12
    Scroll to the **Key material** section, select the option **Generated key** and click on the **CONTINUE** button
    **What is Key material: Generated key?**
    In Google Cloud Key Management Service (KMS), **Key material: Generated key** means that KMS generates the key material itself, inside the service, using its own random number generation. The alternative, **Imported key**, lets you bring your own key material (for example from an on-premises HSM) by wrapping it and uploading it through an import job. A generated key is the simplest and usually the safest option, since the key material never exists anywhere outside KMS.
    13
    Scroll to the **Purpose** dropdown section and select the option **Symmetric encrypt/decrypt**
    **What is Purpose and algorithm: Symmetric encrypt/decrypt?**
    In Google Cloud Key Management Service (KMS), the purpose **Symmetric encrypt/decrypt** creates a key for symmetric encryption, where the same key is used to encrypt and to decrypt. This is efficient and is the purpose to pick for protecting data at rest. A key with this purpose has exactly one algorithm, `GOOGLE_SYMMETRIC_ENCRYPTION`, which is AES-256 in GCM mode (authenticated encryption, so tampered ciphertext is rejected on decryption). Two practical points follow from the key never leaving KMS: every encrypt or decrypt is an API call against the key, and each call accepts at most 64 KiB of plaintext. Larger data is handled with envelope encryption, where the application encrypts the data locally with a one-time data encryption key (DEK) and uses the KMS key only to wrap that DEK. The other purposes offered in the dropdown are asymmetric signing, asymmetric decryption, MAC signing/verification and raw symmetric encryption.
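    The steps above produce a symmetric key that an application can only use through Encrypt/Decrypt calls. The Go program below is an added example, not code from the original guide or from Google's client library, showing how such a key is used correctly with envelope encryption. The `KEK` interface models the KMS key; in production its two methods would call `KeyManagementClient.Encrypt` and `Decrypt` from `cloud.google.com/go/kms/apiv1` against the resource name `projects/PROJECT/locations/us/keyRings/my-first-key-ring/cryptoKeys/my-first-key` (PROJECT is assumed). `localKEK` is a hypothetical offline stand-in that uses the same AES-256-GCM algorithm and enforces the same 64 KiB limit, so the code runs without a GCP project. The AAD strings and the 1 MiB payload in the test are constructed sample inputs.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KEK is the key-encryption key: the Cloud KMS symmetric key created in the steps above.
// In production these methods call KeyManagementClient.Encrypt / Decrypt from
// cloud.google.com/go/kms/apiv1; the key material never leaves KMS, so this
// Encrypt/Decrypt pair is all the application ever sees of the key.
type KEK interface {
	Encrypt(plaintext, aad []byte) ([]byte, error)
	Decrypt(ciphertext, aad []byte) ([]byte, error)
}

// kmsMaxPlaintext is the per-call plaintext limit of Cloud KMS symmetric Encrypt (64 KiB).
const kmsMaxPlaintext = 64 * 1024

// localKEK is a hypothetical offline stand-in for Cloud KMS: AES-256-GCM (the same
// algorithm as GOOGLE_SYMMETRIC_ENCRYPTION) with the key held in process memory.
type localKEK struct{ key []byte }

func (k *localKEK) Encrypt(plaintext, aad []byte) ([]byte, error) {
	if len(plaintext) > kmsMaxPlaintext { // mirror the service-side limit
		return nil, fmt.Errorf("plaintext is %d bytes, KMS accepts at most %d", len(plaintext), kmsMaxPlaintext)
	}
	return gcmSeal(k.key, plaintext, aad)
}

func (k *localKEK) Decrypt(ciphertext, aad []byte) ([]byte, error) {
	return gcmOpen(k.key, ciphertext, aad)
}

// randBytes reads crypto/rand; a failure there is unrecoverable, so it panics.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext || tag with a fresh random 96-bit nonce.
// Every DEK below encrypts exactly one message, so a random nonce is safe here.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen splits off the nonce and authenticates before decrypting; any tampering
// with ciphertext, tag or AAD makes Open fail.
func gcmOpen(key, ciphertext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(ciphertext) < n {
		return nil, fmt.Errorf("ciphertext shorter than nonce")
	}
	return aead.Open(nil, ciphertext[:n], ciphertext[n:], aad)
}

// Envelope is what gets stored: the DEK wrapped by KMS plus the locally encrypted data.
type Envelope struct{ WrappedDEK, Ciphertext []byte }

// EnvelopeEncrypt makes a one-time 256-bit DEK, encrypts data with it locally (so
// payloads over 64 KiB never go to KMS) and sends only the 32-byte DEK to the KEK.
// The same AAD binds both layers to their context (e.g. the row the data belongs to).
func EnvelopeEncrypt(kek KEK, data, aad []byte) (*Envelope, error) {
	dek := randBytes(32)
	ct, err := gcmSeal(dek, data, aad)
	if err != nil {
		return nil, err
	}
	wrapped, err := kek.Encrypt(dek, aad)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// EnvelopeDecrypt unwraps the DEK through the KEK, then decrypts the data locally.
func EnvelopeDecrypt(kek KEK, env *Envelope, aad []byte) ([]byte, error) {
	dek, err := kek.Decrypt(env.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcmOpen(dek, env.Ciphertext, aad)
}
```

    To drive it, build a `KEK` (`&localKEK{key: randBytes(32)}` offline, or a Cloud KMS-backed implementation in production) and call `EnvelopeEncrypt` / `EnvelopeDecrypt` with the same AAD on both sides; decrypting under a different AAD or after a single flipped byte fails, and passing more than 64 KiB straight to the KEK is rejected the way Cloud KMS would reject it. The same key ring and key can be created without the console using `gcloud kms keyrings create my-first-key-ring --location=us` followed by `gcloud kms keys create my-first-key --keyring=my-first-key-ring --location=us --purpose=encryption`, which is the form you would put in a script or CI pipeline rather than clicking through the steps.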