Release notes
The requested article is not available. Either it doesn't apply to this version of the product or the relevant information is organized differently in this version of the docs. You can search, browse, or go back to the other version.
A newer release of this product is available.
Using customer-managed encryption keys with Cloud Volumes ONTAP
Contributors
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
While Google Cloud Storage always encrypts your data before it’s written to disk, you can use Cloud Manager APIs to create a Cloud Volumes ONTAP system that uses customer-managed encryption keys. These are keys that you generate and manage in GCP using the Cloud Key Management Service.
Steps
-
Give the Connector service account permission to use the encryption key.
-
Obtain the "id" of the key by invoking the get command for the /gcp/vsa/metadata/gcp-encryption-keys API.
-
Use the "GcpEncryption" parameter with your API request when creating a working environment.
Example
"gcpEncryptionParameters": { "key": "projects/tlv-support/locations/us-east4/keyRings/Nikiskeys/cryptoKeys/generatedkey1" }JSON
Refer to the API Developer Guide for more details about using the "GcpEncryption" parameter.
