Implementing Customer Managed Encryption Keys (CMEK) with Google Key Management Service

This course covers the creation and validation of secrets and keys and the use of the Google Key Management Service (KMS) to rotate keys, create hierarchies, and work with keys and secrets on the cloud.
Course info
Level
Intermediate
Updated
Jan 9, 2019
Duration
1h 40m
Description

At the core of cloud data encryption is a thorough knowledge of Customer-Managed Encryption Keying (CMEK). In this course, Implementing Customer Managed Encryption Keys (CMEK) with Google Key Management Service, you’ll see how to implement and manage encryption keys on the Google Cloud Platform. First, you’ll learn what symmetric and asymmetric keys are and how to create and rotate them. Next, you’ll explore how to protect secrets using symmetric keys and how to validate them using digital signatures. Finally, you’ll discover how to use advanced features to further secure your data and resources on the cloud. When you’re finished with this course, you’ll have a foundational knowledge of the Google Key Management Service that will help you as you move forward to create and rotate cloud-hosted keys and manage secrets on the GCP.

About the author

An engineer and tinkerer, Vitthal has worked at Google, Credit Suisse, and Flipkart and studied at Stanford and INSEAD. He has worn many hats, each of which has involved writing code and building models. He is passionately devoted to his hobby of laughing at his own jokes.

Section Introduction Transcripts

Course Overview
Hi, my name is Vitthal Srinivasan, and I'd like to welcome you to this course on Implementing Customer Managed Encryption Keys with Google Key Management Service. First, a little bit about myself, I have master's degrees in financial math and electrical engineering from Stanford University and have previously worked in companies such as Google in Singapore and Credit Suisse in New York. I am now co-founder at Loonycorn, a studio for high-quality video content based in Bangalore, India. Data encryption is an increasingly important design choice in cloud-based architectures, and the GCP provides three choices, Google-managed encryption, customer-supplied encryption keying, and customer-managed encryption keying. The difference between customer-supplied and customer-managed encryption comes down to whether the keys physically reside on the cloud. Working with keys and ensuring that best practices are followed can get a bit confusing given all of these options. So in this course, you will gain the ability to create and manage keys on the Google Cloud Platform, and implement three specific patterns of encryption using the Google Key Management Service. First you will learn what symmetric and asymmetric keys are, and how these can be created and rotated. Next you will discover how to protect secrets using symmetric keys and validating digital signatures. Symmetric encryption refers to the use of the same key for both encryption and decryption of data. This is relatively simple because there is just one key in existence; however, it has the drawback that both the sender and the receiver of a message need to possess that one key. Public-key cryptography or asymmetric cryptography, as it's also known, involves the creation of key pairs, which consist of one private key and one public key.
In some applications such as digital signatures, the message is encrypted using the private key, and the recipients verify the integrity of that signed message using the corresponding public key. In another category of usage called asymmetric encryption, the public key of a recipient is used to encrypt a message, which can then only be decrypted and read by that recipient using the private key. Finally, you will explore how to use advanced features such as a hardware security module, or HSM, and additional authenticated data to further secure your data and resources on the cloud. When you're finished with this course, you will have the skills and the knowledge of the Google Key Management Service needed to create and rotate cloud-hosted keys and also to effectively manage secrets on the GCP.