Introduction
|
Entrust KeyControl has been rebranded as the Entrust Cryptographic Security Platform (CSP) Key Manager. The Entrust CSP Key Manager continues to provide a comprehensive solution for discovering and managing the lifecycles of cryptographic keys, secrets, certificates, tokens, libraries, protocols, and configurations:
Because the Entrust integrations are tested against specific product versions, this guide is still branded as a "KeyControl" integration. It was tested against a pre-CSP version of KeyControl. Exercise caution when using an Entrust Integration Guide with a product version that does not match the tested version, because your version might not function in exactly the same way. Entrust cannot guarantee the success of integrations in configurations other than those indicated in the guide. This guide remains on the website for customers using pre-CSP versions of KeyControl. |
This document describes the integration of Google Cloud Platform (GCP) External Key Manager (EKM), referred to as GCP EKM in this guide, with the Entrust KeyControl Vault Key Management Solution (KMS).
Documents to read first
This guide describes how to configure KeyControl Vault server as a KMS in GCP. To install and configure the KeyControl Vault server see KeyControl Vault Installation and Upgrade Guide.
Also refer to the documentation and set-up process for GCP EKM in the Google Cloud External Key Manager documentation.
Product configurations
Entrust has successfully tested the integration of KeyControl Vault with GCP EKM in the following configurations:
| System | Version |
|---|---|
KeyControl Vault |
10.2 / 10.3.0 |
Features tested
Entrust has successfully tested the following features:
| Feature | Tested |
|---|---|
Create cloud key |
✓ |
Enable cloud key |
✓ |
Disable cloud key |
✓ |
Rotate cloud key |
✓ |
Delete a cloud key |
✓ |
Cancel cloud key deletion |
✓ |
Access an object protected by cloud key in GCP |
✓ |
Sign/Verify an input file with GCP cloud key |
✓ |