DEV Community

mkdev.me for mkdev

Posted on • Edited on • Originally published at mkdev.me

How to encrypt disks in GCP?

Today, we're going to talk about encrypting disks in GCP using the Key Management Service, or KMS, and we'll also discuss the three possible ways to encrypt them.

GCP offers robust and versatile encryption solutions. Whether you're looking to encrypt data at rest, in transit, or during processing, GCP has got you covered.

One of the tools that GCP offers for encryption is the Key Management Service, or KMS. KMS allows you to create, import, and manage cryptographic keys for your cloud services. These keys are essential for encrypting and decrypting data.

The first method is using Google-managed encryption keys. This is the default encryption provided by GCP. Here, Google automatically encrypts your data before it's written to disk.

The second method is using customer-managed encryption keys through KMS. This gives you more control over your encryption keys.

And the third method is using customer-supplied encryption keys. This is where you create and manage your own encryption keys outside of GCP.

When you create a disk, it is automatically encrypted with the first method, and if you don’t change any settings, it will always be like that. When we create a disk, the option that is activated is "Google-managed encryption key." And when the disk is created and we check inside, we see "Google-managed."

Now, to use the second method, we first need to create a key ring in KMS. The key ring is a container for our keys. A key can be a random one generated by Google, or, if we already have one, we can import it. In our case, we are going to create a software key that will later be used on our disks.

Once the key is created inside our key ring, we can use it. To do that, when we create a disk, we choose our KMS key in the encryption section. As before, when the disk is created, we can open it and see that it is no longer marked as Google-managed, because it is encrypted with the KMS key we created.

For the third option, we are going to create our own key, and to do that, we are going to use a Python script. The problem here is that if you lose this key and for some reason it is needed, you will lose all the information on the disk. When we create the disk and choose the third option, we paste the key, and when we open the disk afterwards, we can see that it is marked as encrypted with a customer-supplied key.
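One way such a script can look, as an added example that is not the script used in the original article: it generates a 256-bit customer-supplied key, validates it, and writes it in the JSON layout that `gcloud`'s `--csek-key-file` option reads. The project, zone, disk and file names are placeholders constructed for this example.

```python
import base64
import hashlib
import json
import os
import secrets

KEY_BYTES = 32  # a customer-supplied key must be exactly 256 bits


def generate_csek() -> str:
    """Return a fresh random 256-bit key, standard base64-encoded (44 chars)."""
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def decode_csek(key_b64: str) -> bytes:
    """Decode and validate a key; raise ValueError unless it is 32 bytes."""
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key is not valid standard base64") from exc
    if len(raw) != KEY_BYTES:
        raise ValueError(f"key is {len(raw)} bytes, expected {KEY_BYTES}")
    return raw


def key_fingerprint(key_b64: str) -> str:
    """Base64 SHA-256 of the raw key: lets you check that a backup copy
    is the right key without revealing the key itself."""
    digest = hashlib.sha256(decode_csek(key_b64)).digest()
    return base64.b64encode(digest).decode("ascii")


def write_key_file(path: str, disk_uri: str, key_b64: str) -> None:
    """Write a --csek-key-file entry; a new file is created owner-only."""
    decode_csek(key_b64)  # refuse to store a malformed key
    entry = [{"uri": disk_uri, "key": key_b64, "key-type": "raw"}]
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(entry, fh, indent=2)


if __name__ == "__main__":
    # Placeholder project, zone and disk names (constructed for this example).
    uri = ("https://www.googleapis.com/compute/v1/projects/example-project"
           "/zones/us-central1-a/disks/example-disk")
    key = generate_csek()
    write_key_file("csek-key-file.json", uri, key)
    print("key fingerprint (safe to record):", key_fingerprint(key))
```

Because Google does not keep a copy of a customer-supplied key, store the key in a secrets manager or an offline backup before attaching it to a disk, and record only the fingerprint in tickets or logs.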

I hope that you enjoy this session and don’t forget to encrypt.


