Key Management Service

The Google Cloud Key Management Service (KMS) provides Protegrity Serverless solution the ability to encrypt and decrypt the Protegrity Security Policy.

To create KMS Key Ring and Asymmetric Encryption Master Key:

1. Log in to Google Account and select project where Protegrity service will be installed.

2. Navigate to Security > Key Management.

3. Select Create key ring.

4. Specify key ring name. For example, protegrity-policy-keyring.

5. select Key ring location which corresponds to the region where Protegrity solution will be installed.

   Note

   A key’s location impacts the performance of protect service.

6. Select Create.

7. Select CREATE KEY to create encryption key.

8. Specify key name. For example, protegrity-policy-key.

9. under Purpose selection, select Asymmetric Decrypt .

10. Select Key Algorithm. For example, 3072-bit RSA with OAEP Padding and SHA256 digest.

11. Select Create.

12. Once the key is created, a screen opens on the key. If the screen does not appear, click on the key name.

13. Then click on the elipses under Actions that is next to the key version.

14. Select Copy Resource Name and record the value below, e.g., projects/{project-id}/locations/region/keyRings/{key-ring}/cryptoKeys/{key-name}/cryptoKeyVersions/1

    Policy Encryption Key Version Resource Name: ___________________