Introduction

This document describes the integration of Google Cloud Platform (GCP) Bring Your Own Key (BYOK), referred to as GCP BYOK in this guide, with the Entrust KeyControl Key Management Solution (KMS).

Documents to read first

This guide describes how to configure Entrust KeyControl server as a KMS in GCP.

Entrust KeyControl v10.1 supports BYOK as an add-on. You can request a free trial of Entrust KeyControl BYOK here: https://go.entrust.com/keycontrol-byok-30-day-free-trial.

To install and configure the Entrust KeyControl server see KeyControl Installation and Upgrade Guide.

Also refer to the documentation and set-up process for GCP BYOK in the Google Cloud Key Management Service documentation.

Product configurations

Entrust has successfully tested the integration of KeyControl with GCP BYOK in the following configurations:

System	Version
Entrust KeyControl	10.1

System

Version

Entrust KeyControl

10.1

Features tested

Entrust has successfully tested the following features:

Feature	Tested
Create cloud key	✓
Import cloud key	✓
Rotate cloud key	✓
Remove cloud key	✓
Upload removed cloud key	✓
Delete cloud key	✓
Cancel cloud key deletion	✓

Feature

Tested

Create cloud key

✓

Import cloud key

✓

Rotate cloud key

✓

Remove cloud key

✓

Upload removed cloud key

✓

Delete cloud key

✓

Cancel cloud key deletion

✓

Requirements

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.