Introduction

This document describes the integration of Google Cloud Platform (GCP) External Key Manager (EKM), referred to as GCP EKM in this guide, with the Entrust KeyControl Vault Key Management Solution (KMS).

Documents to read first

This guide describes how to configure the KeyControl Vault server as a KMS in GCP. To install and configure the KeyControl Vault server, see the KeyControl Vault Installation and Upgrade Guide.

Also refer to the documentation and set-up process for GCP EKM in the Google Cloud External Key Manager documentation.

Product configurations

Entrust has successfully tested the integration of KeyControl Vault with GCP EKM in the following configurations:

System              Version
KeyControl Vault    10.2 / 10.3.0

Features tested

Entrust has successfully tested the following features:

Feature Tested

Create cloud key

Enable cloud key

Disable cloud key

Rotate cloud key

Delete a cloud key

Cancel cloud key deletion

Access an object protected by cloud key in GCP

Sign/Verify an input file with GCP cloud key

Requirements

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.