Securing financial data using Cloud KMS
Cloud KMS is GCP's key management service, which generates, rotates, and destroys AES256 encryption keys. Coupled with IAM and Cloud Audit Logging, it lets us grant access at the level of an individual key and monitor how the keys are used. KMS is available through API calls and client libraries for different languages. In this recipe, we'll use KMS to encrypt a small piece of sensitive data using Google's command-line tools. This will show how easy Cloud KMS is to use, without the overhead of managing keys or encryption libraries ourselves.
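To illustrate the key-level IAM control mentioned above, the following added example (not code from the original recipe) audits the IAM policy of a single key for separation-of-duties problems. The sample policy, the member names, and the audit_key_policy helper are constructed for illustration; the JSON follows the shape printed by gcloud kms keys get-iam-policy with --format=json.

```python
import json

# Constructed sample in the shape of a key-level IAM policy; all members are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudkms.admin",
     "members": ["user:key-admin@example.com", "user:dev@example.com"]},
    {"role": "roles/cloudkms.cryptoKeyEncrypter",
     "members": ["serviceAccount:ingest@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudkms.cryptoKeyDecrypter",
     "members": ["user:analyst@example.com"]},
    {"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
     "members": ["user:dev@example.com"]}
  ],
  "version": 1
}
""")

ADMIN_ROLE = "roles/cloudkms.admin"
COMBINED_ROLE = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
DECRYPT_ROLES = {"roles/cloudkms.cryptoKeyDecrypter", COMBINED_ROLE}


def audit_key_policy(policy):
    """Return sorted (member, finding) tuples for one key's IAM policy."""
    # Invert the policy: which roles does each member hold on this key?
    roles_by_member = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            roles_by_member.setdefault(member, set()).add(binding["role"])

    findings = []
    for member, roles in roles_by_member.items():
        # Separation of duties: whoever manages the key should not decrypt with it.
        if ADMIN_ROLE in roles and roles & DECRYPT_ROLES:
            findings.append((member, "holds both key admin and decrypt roles"))
        # Least privilege: prefer encrypt-only or decrypt-only bindings.
        if COMBINED_ROLE in roles:
            findings.append((member, "holds combined encrypt/decrypt role"))
    return sorted(findings)


if __name__ == "__main__":
    for member, finding in audit_key_policy(SAMPLE_POLICY):
        print(f"{member}: {finding}")
```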
Getting ready
Complete the following initial setup steps before running the recipe:
- Create or select a GCP project.
- Enable billing and enable the default APIs (some APIs like BigQuery, storage, monitoring, and a few others are enabled automatically).
- Enable the KMS API for the project you have selected:
gcloud services enable cloudkms.googleapis.com
How to do it...
This recipe will be of two...