Is there a GCP service that could be used as EKM for MS SQL Server?

Question

I have an SQL Server on Google Compute's VM. I would like to use Extensible Key Management. The requirement is to have everything in GCP. Ideally I would like Google Cloud Platform to be the provider of EKM. Otherwise I will have to install a third party EKM in GCP.

I looked into Google KMS but I cannot see any integration with SQL Server. I cannot find any info about other Google services being able to manage keys and to integrate with MS SQL Server.

I am struggling to find any answers on Google.

Is there a GCP service that could do that?

UPDATE: MS SQL Server has multiple databases. I would like to have each database encrypted with a different key and allow for a regular change of keys.

Can you check if [customer-managed encryption keys (CMEK)](https://cloud.google.com/sql/docs/sqlserver/configure-cmek) address your question? — Robert G, Nov 11 '22 at 18:25
From what I have read and understood it can be used only with Cloud SQL. — Marcin Kulik, Nov 12 '22 at 19:18

score 0 · Answer 1 · answered Nov 14 '22 at 15:00

0

https://cloud.google.com/compute/docs/disks/customer-managed-encryption may meet your needs. This page describes how to use CMEK keys from KMS on a Compute VM and which parts of the VM are protected.

answered Nov 14 '22 at 15:00

brodheim

38
4

Thanks, I believe CMEK would allow me to encrypt a VM or a persistent disk. However my SQL Server has multiple databases and each db needs a different encryption. I am not sure if this could be applied in such scenario? Maybe if each database had a separate persistent disk but I do not think this is a practice used in managing SQL servers. – Marcin Kulik Nov 15 '22 at 10:32

Is there a GCP service that could be used as EKM for MS SQL Server?

1 Answers1