All cloud service providers have their own key management systems, and customer keys can be imported when desired. However, I want to have private control over keys such that keys are provided externally and never imported into the KMS. So the cloud provider should be able to access the external key without importing it. Or another case could be where public keys are at the cloud provider but only the client has access to private keys externally. Any help or ideas will be appreciated.
1 Answer
2
On Google Cloud, you can do this with External Key Manager (EKM): https://cloud.google.com/kms/docs/ekm

sethvargo
Thank you for your response. Can these keys then be used to encrypt storage as well? E.g., just like customer-managed master keys (CMEK) are used for storage encryption in Google? – devcloud Aug 03 '20 at 12:32