The process of encrypting and decrypting files requires cryptographic keys. Google Cloud’s Key Management Service (Cloud KMS) allows you to generate, use, rotate, and destroy cryptographic keys in a variety of formats. Managing the keys is another challenge, one that Cloud KMS meets with its ability to create keyrings as well as keys. In this hands-on lab, we’ll establish a new keyring and key, use them to encrypt a formerly top-secret file, and then decrypt the encrypted version.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Enable Cloud KMS
  - From the main Google Cloud console navigation, choose APIs & Services > Library.
  - Search for KMS, and enable the service.
- Create a Keyring and Key
  - Activate the Cloud Shell by clicking its icon in the top navigation bar.
  - In the Cloud Shell, create the initial keyring.
  - Create a key for the new keyring.
  - List the existing keys within the CLI.
- Retrieve the Example File
  - Clone the GitHub repository:
    `git clone https://github.com/linuxacademy/content-gcpro-security-engineer`
  - Change directory to the `content-gcpro-security-engineer/kms-encrypt-lab` folder:
    `cd content-gcpro-security-engineer/kms-encrypt-lab`
  - Open the Cloud Shell Editor by clicking the pencil icon.
  - Review the file `top-secret-ufo-1950.txt`.
- Encrypt and Decrypt the File
  - In the Cloud Shell, encrypt the `top-secret-ufo-1950.txt` file and set the name to `top-secret-ufo-1950.txt.encrypted`.
  - Review the `top-secret-ufo-1950.txt.encrypted` file.
  - In the Cloud Shell, decrypt the encrypted file and set the name to `top-secret-ufo-1950.txt.decrypted`.
  - Review the `top-secret-ufo-1950.txt.decrypted` file.
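The Cloud Shell steps above as one script, an added example that is not part of the lab's own material. The keyring name `lab-keyring`, key name `lab-key`, location `global` and the helper function names are assumptions; with `DRY_RUN=1`, or when `gcloud` is not on the PATH, each command is printed instead of run.

```shell
#!/bin/sh
# Added example, not the lab's own script.
# Assumed (hypothetical) names: lab-keyring, lab-key, location "global".
KEYRING="${KEYRING:-lab-keyring}"
KEY="${KEY:-lab-key}"
LOCATION="${LOCATION:-global}"

# Run a command, or print it when DRY_RUN=1 or gcloud is not installed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ] || ! command -v gcloud >/dev/null 2>&1; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# CLI equivalent of enabling the KMS API from APIs & Services > Library.
enable_kms()     { run gcloud services enable cloudkms.googleapis.com; }
create_keyring() { run gcloud kms keyrings create "$KEYRING" --location "$LOCATION"; }
create_key()     { run gcloud kms keys create "$KEY" --keyring "$KEYRING" \
                     --location "$LOCATION" --purpose encryption; }
list_keys()      { run gcloud kms keys list --keyring "$KEYRING" --location "$LOCATION"; }

# $1 = plaintext file; ciphertext is written to $1.encrypted
encrypt_file() {
  run gcloud kms encrypt --key "$KEY" --keyring "$KEYRING" --location "$LOCATION" \
    --plaintext-file "$1" --ciphertext-file "$1.encrypted"
}

# $1 = original file name; reads $1.encrypted, writes $1.decrypted
decrypt_file() {
  run gcloud kms decrypt --key "$KEY" --keyring "$KEYRING" --location "$LOCATION" \
    --ciphertext-file "$1.encrypted" --plaintext-file "$1.decrypted"
}

# Ciphertext must differ from the plaintext, and the decrypted
# output must match the original byte for byte.
verify_roundtrip() {
  ! cmp -s "$1" "$1.encrypted" && cmp -s "$1" "$1.decrypted"
}

lab_main() {
  f=top-secret-ufo-1950.txt
  enable_kms && create_keyring && create_key && list_keys &&
    encrypt_file "$f" && decrypt_file "$f" &&
    verify_roundtrip "$f" && echo "round trip OK"
}

# Execute the whole lab only when called as: sh script.sh run
if [ "${1:-}" = run ]; then lab_main; fi
```

Run it from the `kms-encrypt-lab` folder with the argument `run`; the final `cmp` check replaces the manual review of the `.encrypted` and `.decrypted` files.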