MaXbeMan

Reputation: 33

EKM rotation in GCP

I have concerns about key rotation management in GCP. If we use Fortanix as an EKM and implement a rotation every 30 days, do we need to manually update the key reference on the GCP side, or is it possible to automate this process?

When we define a key in Fortanix, we give the URL to the cloud team to configure the EKM functionality. Now, if we rotate this key, what should we do on the GCP side? The URL contains the KeyID reference, which will change. So, I think that each time we rotate the key, our colleagues will need to update the URL in GCP.

Is there any way to automate this process?

Upvotes: 1

Views: 42

Answers (1)

zypA13510

Reputation: 1262

From Fortanix Data Security Manager with Google Cloud EKM - Best Practices and FAQ:

Key Management Operations

  • Fortanix supports AES key for Google EKM.
  • Automatic rotation for the CMEK is not supported by Google.
  • You can rotate a key from Fortanix and use the new EKM key version URL to rotate the key in Google KMS. This process is manual.

It seems that only manual rotation is supported for the time being.

Upvotes: 0
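The Google-side step from the quoted FAQ (using the new EKM key version URL to rotate the key in Google KMS), scripted as an added example that is not part of the original answer or of Fortanix's documentation. It assumes the gcloud CLI and an external key addressed by URI; the location, key ring, key name and URL are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: register a rotated external key as a new Cloud KMS key version.
# Every name and URL used here is a placeholder, not a value from the page.

# rotate_ekm_key LOCATION KEYRING KEY NEW_EXTERNAL_KEY_URI
# Creates a new key version that points at the new external key URI and makes
# it the primary version. With DRY_RUN=1 the command is printed, not executed.
rotate_ekm_key() {
  _loc="$1"; _ring="$2"; _key="$3"; _uri="$4"

  if [ -z "$_loc" ] || [ -z "$_ring" ] || [ -z "$_key" ]; then
    echo "usage: rotate_ekm_key LOCATION KEYRING KEY NEW_EXTERNAL_KEY_URI" >&2
    return 2
  fi

  # Refuse anything that is not an https:// URI, so a stale, empty or
  # mistyped reference never reaches Cloud KMS.
  case "$_uri" in
    https://?*) ;;
    *) echo "external key URI must start with https://" >&2; return 2 ;;
  esac

  # Previous versions stay in the key, so data encrypted under them can
  # still be decrypted as long as the old external key remains available.
  set -- gcloud kms keys versions create \
    --location "$_loc" --keyring "$_ring" --key "$_key" \
    --external-key-uri "$_uri" --primary

  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$*"
    return 0
  fi
  "$@"
}

# Dry run with placeholder values: shows the command the cloud team would run
# after each rotation on the Fortanix side.
( DRY_RUN=1
  rotate_ekm_key europe-west1 ekm-ring ekm-key \
    "https://ekm.example.invalid/NEW_KEY_VERSION_PATH" )
```
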
