Using customer-managed encryption keys with Cloud Volumes ONTAP

Contributors: netapp-bcammett

While Google Cloud Storage always encrypts your data before it’s written to disk, you can use Cloud Manager APIs to create a Cloud Volumes ONTAP system that uses customer-managed encryption keys. These are keys that you generate and manage in GCP using the Cloud Key Management Service.

Steps
  1. Give the Connector service account permission to use the encryption key.

  2. Obtain the "id" of the key by sending a GET request to the /gcp/vsa/metadata/gcp-encryption-keys API.

  3. Use the "GcpEncryption" parameter with your API request when creating a working environment.

    Example

    "gcpEncryptionParameters": {
        "key": "projects/tlv-support/locations/us-east4/keyRings/Nikiskeys/cryptoKeys/generatedkey1"
    }

Refer to the API Developer Guide for more details about using the "GcpEncryption" parameter.
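
A pre-flight check for step 3, as an added example that is not part of the original page or NetApp's own code: it validates a key value in the form shown above before it goes into the request, so a key-version path or a key from an unexpected project is caught locally. The function names and the `allowed_projects` allow-list are assumptions for illustration; the key ring and key ID character rules are those of Cloud KMS.

```python
import json
import re

# Cloud KMS CryptoKey resource name, the form used in the page's example.
# Cloud KMS limits key ring and key IDs to letters, digits, "_" and "-" (max 63).
_KEY_RE = re.compile(
    r"projects/(?P<project>[^/\s]+)"
    r"/locations/(?P<location>[^/\s]+)"
    r"/keyRings/(?P<key_ring>[A-Za-z0-9_-]{1,63})"
    r"/cryptoKeys/(?P<crypto_key>[A-Za-z0-9_-]{1,63})"
)


def parse_kms_key(name: str) -> dict:
    """Split a CryptoKey resource name into its parts, or raise ValueError."""
    match = _KEY_RE.fullmatch(name)
    if match is None:
        # fullmatch also rejects .../cryptoKeyVersions/N paths, short names
        # such as a bare key ID, and values with stray whitespace.
        raise ValueError(f"not a Cloud KMS CryptoKey resource name: {name!r}")
    return match.groupdict()


def encryption_block(name: str, allowed_projects: set) -> dict:
    """Build the request fragment after a local policy check.

    allowed_projects is a hypothetical local allow-list (assumption),
    not a Cloud Manager feature.
    """
    parts = parse_kms_key(name)
    if parts["project"] not in allowed_projects:
        raise ValueError(f"key project {parts['project']!r} is not on the allow-list")
    return {"gcpEncryptionParameters": {"key": name}}


if __name__ == "__main__":
    # Key value taken from the example on this page.
    key = ("projects/tlv-support/locations/us-east4"
           "/keyRings/Nikiskeys/cryptoKeys/generatedkey1")
    print(json.dumps(encryption_block(key, {"tlv-support"}), indent=2))
```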