You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 2, 2024. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- customer data is encrypted using a non-default key not provided by Google, ensuring that neither Google nor any other entity can decrypt the data.
- database data is encrypted with a different key as GKE persistent volumes, to increase security
- dedicated CMEK can be rotated manually or automatically when required
-[AES_256_CTR](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) algorithm is used for encryption/descryption with `SOFTWARE` protection level
## How to enable CMEK
Expand All
@@ -19,9 +20,11 @@ or
modify instance `config.yaml` with given annotation:
> [!WARNING] If customer wants to use different algoritm, please contact Security Team.
## How to disable CMEK
When CMEK is enabled for instances, it cannot be disabled. Changing this configuration after the instance is created will require recreation of CloudSQL and Persistent Volumes, which will result in a loss of all data.
