GCP, cloud, ~30 mins

Cloud KMS for key management in GCP - Mini Project: Build & Apply

Cloud KMS for key management
📖 Scenario: You are working on a Google Cloud project that needs to securely manage encryption keys. You will use Google Cloud Key Management Service (Cloud KMS) to create and manage cryptographic keys for your project.
🎯 Goal: Build a Cloud KMS keyring and a cryptographic key within it using Google Cloud SDK commands. This will help you securely manage encryption keys for your cloud resources.
📋 What You'll Learn
Create a Cloud KMS keyring named my-keyring in the us-central1 location
Create a symmetric encryption key named my-key inside my-keyring
Set the purpose of the key to ENCRYPT_DECRYPT
Use the Google Cloud SDK gcloud commands for all steps
💡 Why This Matters
🌍 Real World
Cloud KMS is used in real projects to securely manage encryption keys that protect sensitive data in cloud applications and services.
💼 Career
Understanding Cloud KMS is essential for cloud engineers and security professionals to implement secure key management and comply with data protection standards.
1
Create a Cloud KMS keyring
Use the gcloud kms keyrings create command to create a keyring named my-keyring in the us-central1 location.
Hint:

Remember to specify the keyring name my-keyring and location us-central1 exactly.

2
Set the key purpose variable
Create a shell variable named KEY_PURPOSE and set it to ENCRYPT_DECRYPT to specify the key's purpose.
Hint:

Use the syntax KEY_PURPOSE=ENCRYPT_DECRYPT to set the variable.

3
Create a symmetric encryption key
Use the gcloud kms keys create command to create a symmetric key named my-key inside my-keyring in us-central1. Use the variable $KEY_PURPOSE for the key's purpose.
Hint:

Use gcloud kms keys create my-key --location=us-central1 --keyring=my-keyring --purpose=$KEY_PURPOSE.

4
Verify the key creation
Use the gcloud kms keys list command to list the keys in my-keyring in the us-central1 location and verify that my-key was created.
Hint:

Use gcloud kms keys list --location=us-central1 --keyring=my-keyring to see the keys.
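
The check in step 4 can also be scripted. The following is an added example, not part of the original tutorial: it reads the key back with gcloud kms keys describe and fails unless the purpose is ENCRYPT_DECRYPT and the primary version is ENABLED. The function name verify_kms_key, its return codes and the RUN_KMS_CHECK switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scripted version of the step 4 check. verify_kms_key, its
# return codes and RUN_KMS_CHECK are illustrative names, not gcloud features.
LOCATION="us-central1"
KEYRING="my-keyring"
KEY="my-key"
EXPECTED_PURPOSE="ENCRYPT_DECRYPT"

# Returns 0 when the key has the expected purpose and an ENABLED primary
# version, 1 when it cannot be read, 2 on a wrong purpose, 3 when the primary
# version is missing or not ENABLED.
verify_kms_key() {
    vk_key=$1; vk_ring=$2; vk_loc=$3; vk_want=$4
    # value(...) prints the selected fields on one line, tab-separated.
    vk_info=$(gcloud kms keys describe "$vk_key" \
        --keyring="$vk_ring" --location="$vk_loc" \
        --format="value(purpose,primary.state)" 2>/dev/null) || {
        echo "FAIL: cannot read $vk_key in $vk_ring ($vk_loc)" >&2
        return 1
    }
    vk_purpose=$(printf '%s\n' "$vk_info" | cut -f1)
    # -s drops lines without a tab, so a missing state reads as empty.
    vk_state=$(printf '%s\n' "$vk_info" | cut -s -f2)
    if [ "$vk_purpose" != "$vk_want" ]; then
        echo "FAIL: purpose is '$vk_purpose', expected '$vk_want'" >&2
        return 2
    fi
    if [ "$vk_state" != "ENABLED" ]; then
        echo "FAIL: primary version state is '${vk_state:-none}'" >&2
        return 3
    fi
    echo "OK: $vk_key purpose=$vk_purpose primary=$vk_state"
}

# Run against the tutorial's key only when explicitly requested, so the
# function can also be sourced into a larger script.
if [ "${RUN_KMS_CHECK:-0}" = "1" ]; then
    verify_kms_key "$KEY" "$KEYRING" "$LOCATION" "$EXPECTED_PURPOSE"
fi
```

A non-zero return code lets a setup or CI script stop before anything is encrypted with a key that has the wrong purpose or no usable primary version.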