Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP)

Data States Encryption

Types of Data Encryption

It is highly recommended to encrypt both Data at Rest and Data at Transit

Symmetric Key Encryption

Symmetric Key Encryption uses same key for both Encryption…


This content originally appeared on DEV Community and was authored by Latchu@DevOps

Data States Encryption

kms-1

Types of Data Encryption

kms-2

It is highly recommended to encrypt both Data at Rest and Data at Transit

Symmetric Key Encryption

  1. Symmetric Key Encryption uses same key for both Encryption and Decryption
  2. Example Encryption Algorithms
  • DES – Data Encryption Standard
  • Triple DES
  • AES – Advanced Encryption Standard
  • IDEA - International Data Encryption Algorithm

kms-3

Advantages

  • Security: Algorithms like AES take billions of years to crack using brute-force attacks.
  • Speed: Because of its shorter key it is much faster to execute and uses less resources (CPU, Memory) to Encrypt and Decrypt
  • Industry adoption and acceptance: Algorithms like AES have become the gold standard of data encryption because of their security and speed benefits and hugely in use industry wide.
  • RECOMMENDED for Bulk Data Transfers

Challenges

  • How to secure encryption key ?
  • How to share encryption key ?

Asymmetric Key Encryption

  1. Asymmetric Key Encryption uses two keys: Private and Public Keys
  2. Encrypts data with public key and decrypts with private key
  3. Example Encryption Algorithms
  • RSA: Digital Signature Standard
  • DSC: Digital Signature Standard
  • DSA: Digital Signature Algorithm
  • ECC: Elliptical Curve Cryptography

kms-4

Advantages

  • Private key is not shared. Overall process is more secure when compared to Symmetric key encryption

Disadvantages

  • The encryption process is slow
  • Resource utilization is very high
  • Not recommended for bulk data transfers

Google Cloud - Key Management Service (KMS)

  1. Cloud KMS is used to centrally manage encryption keys on GCP
  2. Supports both Symmetric and Asymmetric key encryptions
  3. Use KMS generated encryption keys in your applications and GCP Services (Compute Engine, Cloud SQL)
  4. KMS provides an API to encrypt, decrypt or sign data which can be used in our Application Development.
  5. Key Management Options available for use
  • Google-managed encryption key (No configuration required)
  • CMEK: Customer-managed encryption key (Manage via Cloud KMS)
  • CSEK: Customer-supplied encryption key (Manage outside of Google cloud)

kms-5

Google-managed encryption key is applied by default


This content originally appeared on DEV Community and was authored by Latchu@DevOps


Print Share Comment Cite Upload Translate Updates
APA

Latchu@DevOps | Sciencx (2025-08-22T14:09:57+00:00) Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP). Retrieved from https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/

MLA
" » Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP)." Latchu@DevOps | Sciencx - Friday August 22, 2025, https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/
HARVARD
Latchu@DevOps | Sciencx Friday August 22, 2025 » Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP)., viewed ,<https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/>
VANCOUVER
Latchu@DevOps | Sciencx - » Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP). [Internet]. [Accessed ]. Available from: https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/
CHICAGO
" » Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP)." Latchu@DevOps | Sciencx - Accessed . https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/
IEEE
" » Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP)." Latchu@DevOps | Sciencx [Online]. Available: https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/. [Accessed: ]
rf:citation
» Part-21: Compute Engine Storage – Key Management Service (Cloud KMS) in Google Cloud Platform (GCP) | Latchu@DevOps | Sciencx | https://www.scien.cx/2025/08/22/part-21-compute-engine-storage-key-management-service-cloud-kms-in-google-cloud-platform-gcp/ |

Please log in to upload a file.



There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.

Related Posts