Customer-managed encryption keys for Cloud Bigtable.
By default, all the data at rest in Cloud Bigtable is encrypted using Google's default encryption. Bigtable handles and manages this encryption for you without any additional action on your part.
If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) for Bigtable. Instead of Google managing the encryption keys that protect your data, your Bigtable instance is protected using a key that you control and manage in Cloud Key Management Service (Cloud KMS).
Features
Security: CMEK provides the same level of security as Google's default encryption, with more administrative control.
Data access control: Administrators can rotate, manage access to, and disable or destroy the key used to protect data at rest in Bigtable.
Auditability: All actions on your CMEK keys are logged and viewable in Cloud Logging.
Comparable performance: Bigtable CMEK-protected instances offer comparable performance to Bigtable instances that use Google default encryption.
Flexibility: You can use the same CMEK key in multiple projects or instances, or you can use separate keys, depending on your business needs.