Google Cloud: Handling Encryption Keys with Cloud KMS

Google Cloud: Handling Encryption Keys with Cloud KMS

In this tutorial you will learn the process of encrypting and decrypting files using cryptographic keys. Google Cloud’s Key Management Service (Cloud KMS) allows you to generate, use, rotate, and destroy cryptographic keys in a variety of formats. Google Cloud KMS allows you to create keyrings and keys. This tutorial will show you how to create a new keyring and key, use them to encrypt a formerly top-secret file, and then decrypt the encrypted version.

Enable Cloud KMS

  •  Google Cloud console navigation, choose APIs & Services > Library.
  • Search for KMS, and enable the service.

Create a Keyring and Key

1. Activate the Cloud Shell by clicking its icon in the top navigation bar.

2. In the Cloud Shell, create the initial keyring with this command:

 gcloud kms keyrings create la-keyring --location global

3. Run the following command to create a key for the new keyring

gcloud kms keys create la-key --location global --keyring la-keyring --purpose encryption

4. Run the following command to list the existing keys

gcloud kms keys list --location global --keyring la-keyring

Retrieve the Example File

1. Clone the GitHub repository:

git clone

2. Change directory to the content-gcpro-security-engineer/kms-encrypt-lab folder2.

cd content-gcpro-security-engineer/kms-encrypt-lab

3. Open the Cloud Shell Editor by clicking the pencil icon.

4. Review the file top-secret-ufo-1950.txt4.

Encrypt and Decrypt the File

1. In Shell run the following command to encrypt the file

gcloud kms encrypt --location global --keyring la-keyring --key la-key --plaintext-file top-secret-ufo-1950.txt --ciphertext-file top-secret-ufo-1950.txt.encrypted

2. Review the file top-secret-ufo-1950.txt.encrypted2. Review the file

3. Run the following command to decrypt the encrypted file

gcloud kms decrypt --location global --keyring la-keyring --key la-key --ciphertext-file top-secret-ufo-1950.txt.encrypted --plaintext-file top-secret-ufo-1950.txt.decrypted

4. Review the file top-secret-ufo-1950.txt.decrypted

Share Tweet Send
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.