A company is migrating sensitive customer data to Google Cloud. They need to ensure data is encrypted at rest and in transit. Which Google Cloud service provides a centralized way to manage encryption keys used by Google Cloud services?
Trap 1: Cloud HSM
Cloud HSM is a hardware security module service for managing encryption keys, but Cloud KMS is the more general key management service.
Trap 2: Cloud External Key Manager (Cloud EKM)
Cloud EKM allows you to use keys managed outside Google Cloud, but it's not the centralized service for GCP-managed keys.
Trap 3: Secret Manager
Secret Manager is for storing API keys, passwords, and certificates, not encryption keys for GCP services.
- A. Cloud HSM
  Why wrong: Cloud HSM is a hardware security module service for managing encryption keys, but Cloud KMS is the more general key management service.
- B. Cloud External Key Manager (Cloud EKM)
  Why wrong: Cloud EKM allows you to use keys managed outside Google Cloud, but it's not the centralized service for GCP-managed keys.
- C. Cloud Key Management Service (Cloud KMS)
  Cloud KMS provides centralized management of encryption keys used by Google Cloud services.
- D. Secret Manager
  Why wrong: Secret Manager is for storing API keys, passwords, and certificates, not encryption keys for GCP services.