Handling Encryption Keys with Cloud KMS

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

The process of encrypting and decrypting files requires cryptographic keys. Google Cloud’s Key Management Service (Cloud KMS) allows you to generate, use, rotate, and destroy cryptographic keys in a variety of formats. Managing the keys is another challenge, one that Cloud KMS meets with its ability to create keyrings as well as keys. In this hands-on lab, we’ll establish a new keyring and key, use them to encrypt a formerly top-secret file, and then decrypt the encrypted version.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable Cloud KMS
  1. From the main Google Cloud console navigation, choose APIs & Services > Library.
  2. Search for KMS, and enable the service.
Create a Keyring and Key
  1. Activate the Cloud Shell by clicking its icon in the top navigation bar.
  2. In the Cloud Shell, create the initial keyring with this command:
    gcloud kms keyrings create la-keyring --location global
  3. Run the following command to create a key for the new keyring:
    gcloud kms keys create la-key --location global --keyring la-keyring --purpose encryption
  4. Run the following command to list the existing keys:
    gcloud kms keys list --location global --keyring la-keyring
Retrieve the Example File
  1. Clone the GitHub repository:
    git clone https://github.com/linuxacademy/content-gcpro-security-engineer
  2. Change directory to the content-gcpro-security-engineer/kms-encrypt-lab folder:
    cd content-gcpro-security-engineer/kms-encrypt-lab
  3. Open the Cloud Shell Editor by clicking the pencil icon.
  4. Review the file top-secret-ufo-1950.txt.
Encrypt and Decrypt the File
  1. In the Cloud Shell, run the following command to encrypt the example file:
    gcloud kms encrypt --location global --keyring la-keyring --key la-key --plaintext-file top-secret-ufo-1950.txt --ciphertext-file top-secret-ufo-1950.txt.encrypted
  2. Review the file top-secret-ufo-1950.txt.encrypted.
  3. Run the following command to decrypt the encrypted file:
    gcloud kms decrypt --location global --keyring la-keyring --key la-key --ciphertext-file top-secret-ufo-1950.txt.encrypted --plaintext-file top-secret-ufo-1950.txt.decrypted
  4. Review the file top-secret-ufo-1950.txt.decrypted.
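
The encrypt and decrypt steps above can be checked mechanically instead of by eye. The script below is an added example, not part of the original lab: it wraps the lab's two gcloud commands in a function that confirms the ciphertext is not a copy of the plaintext and that decryption returns the original bytes. The function name kms_roundtrip_check and the KMS_* variable names are hypothetical; the keyring, key and location are the lab's values.

```shell
# Added example: round-trip check for the lab's encrypt/decrypt steps.
# Usage, from the kms-encrypt-lab folder (function name is hypothetical):
#   kms_roundtrip_check top-secret-ufo-1950.txt

KMS_LOCATION="global"      # values created earlier in this lab
KMS_KEYRING="la-keyring"
KMS_KEY="la-key"

# Return codes: 0 ok, 2 unreadable input, 3 encrypt failed,
#               4 ciphertext missing or identical to plaintext,
#               5 decrypt failed, 6 decrypted bytes differ from original.
kms_roundtrip_check() {
  local plain="$1" enc="$1.encrypted" dec rc=0

  [ -r "$plain" ] || { echo "cannot read: $plain" >&2; return 2; }

  gcloud kms encrypt --location "$KMS_LOCATION" --keyring "$KMS_KEYRING" \
    --key "$KMS_KEY" --plaintext-file "$plain" --ciphertext-file "$enc" \
    || return 3

  # The ciphertext must exist, be non-empty, and not be a copy of the input.
  if [ ! -s "$enc" ] || cmp -s "$plain" "$enc"; then
    echo "ciphertext missing or identical to plaintext: $enc" >&2
    return 4
  fi

  # Decrypt to a private temp file so no extra plaintext copy is left behind.
  dec="$(mktemp)" || return 5
  if ! gcloud kms decrypt --location "$KMS_LOCATION" --keyring "$KMS_KEYRING" \
       --key "$KMS_KEY" --ciphertext-file "$enc" --plaintext-file "$dec"; then
    rc=5
  elif ! cmp -s "$plain" "$dec"; then
    echo "decrypted output differs from $plain" >&2
    rc=6
  fi
  rm -f "$dec"

  [ "$rc" -eq 0 ] && echo "round trip OK: $plain -> $enc"
  return "$rc"
}
```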

Additional Resources

Your company has recently received a government contract to store sensitive documents. You have been asked to get familiar with Cloud KMS to better understand the process of encrypting and decrypting files.

You’ll need to complete the following steps to accomplish your task:

  1. Enable Cloud KMS.
  2. Create a keyring.
  3. Retrieve files from the repo.
  4. Encrypt the plain text document.
  5. Decrypt the encrypted document.