| sidebar | permalink | keywords | summary |
|---|---|---|---|
sidebar |
task_setting_up_gcp_encryption.html |
encryption, gcp, encryption key, permissions, customer-managed, gcpencryption |
While Google Cloud Storage always encrypts your data before it’s written to disk, you can use Cloud Manager APIs to create a Cloud Volumes ONTAP system that uses customer-managed encryption keys. These are keys that you generate and manage in GCP using the Cloud Key Management Service. |
While Google Cloud Storage always encrypts your data before it’s written to disk, you can use Cloud Manager APIs to create a Cloud Volumes ONTAP system that uses customer-managed encryption keys. These are keys that you generate and manage in GCP using the Cloud Key Management Service.
Steps
-
Give the Connector service account permission to use the encryption key.
-
Obtain the "id" of the key by invoking the get command for the /gcp/vsa/metadata/gcp-encryption-keys API.
-
Use the "GcpEncryption" parameter with your API request when creating a working environment.
Example
"gcpEncryptionParameters": { "key": "projects/tlv-support/locations/us-east4/keyRings/Nikiskeys/cryptoKeys/generatedkey1" }
Refer to the API Developer Guide for more details about using the "GcpEncryption" parameter.