Data encryption at rest
Suggest changes
-
PDF of this doc site
- Artificial Intelligence
-
Containers
- Red Hat OpenShift with NetApp
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
All volumes in Cloud Volumes Service are encrypted-at-rest using AES-256 encryption, which means all user data written to media is encrypted and can only be decrypted with a per-volume key.
-
For CVS-SW, Google-generated keys are used.
-
For CVS-Performance, the per-volume keys are stored in a key manager built into the Cloud Volumes Service.
Starting in November 2021, preview customer-managed encryption keys (CMEK) functionality was made available. This enables you to encrypt the per-volume keys with a per-project, per-region master key that is hosted in Google Key Management Service (KMS). KMS enables you to attach external key managers.
For information about configuring KMS for CVS-Performance, see Setting up customer-managed encryption keys.