Handling Encryption Keys with Cloud KMS

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

The process of encrypting and decrypting files requires cryptographic keys. Google Cloud’s Key Management Service (Cloud KMS) allows you to generate, use, rotate, and destroy cryptographic keys in a variety of formats. Managing the keys is another challenge, one that Cloud KMS meets with its ability to create keyrings as well as keys. In this hands-on lab, we’ll establish a new keyring and key, use them to encrypt a formerly top-secret file, and then decrypt the encrypted version.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable Cloud KMS
  1. From the main Google Cloud console navigation, choose APIs & Services > Library.
  2. Search for KMS, and enable the service.
Create a Keyring and Key
  1. Activate the Cloud Shell by clicking its icon in the top navigation bar.
  2. In the Cloud Shell, create the initial keyring.
  3. Create a key for the new keyring.
  4. List the existing keys within the CLI.
Retrieve the Example File
  1. Clone the GitHub repository:
    git clone https://github.com/linuxacademy/content-gcpro-security-engineer
  2. Change directory to the content-gcpro-security-engineer/kms-encrypt-lab folder:
    cd content-gcpro-security-engineer/kms-encrypt-lab
  3. Open the Cloud Shell Editor by clicking the pencil icon.
  4. Review the file top-secret-ufo-1950.txt.
Encrypt and Decrypt the File
  1. In the Cloud Shell, encrypt the top-secret-ufo-1950.txt file and set the name to top-secret-ufo-1950.txt.encrypted.
  2. Review the top-secret-ufo-1950.txt.encrypted file.
  3. In the Cloud Shell, decrypt the encrypted file and set the name to top-secret-ufo-1950.txt.decrypted.
  4. Review the top-secret-ufo-1950.txt.decrypted file.
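
The steps above can be run from Cloud Shell with the gcloud CLI as sketched here. This is an added example, not the lab's own solution: the keyring name, key name, location, the DRY_RUN switch and the round-trip check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. KEYRING, KEY and LOCATION are assumed values, not from the lab.
set -eu
KEYRING="${KEYRING:-lab-keyring}"   # hypothetical keyring name
KEY="${KEY:-lab-key}"               # hypothetical key name
LOCATION="${LOCATION:-global}"      # assumed KMS location
FILE="top-secret-ufo-1950.txt"      # file name from the lab

# Run gcloud, or only print the command line when DRY_RUN=1.
run_gcloud() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "gcloud $*"; else gcloud "$@"; fi
}

enable_api()     { run_gcloud services enable cloudkms.googleapis.com; }
create_keyring() { run_gcloud kms keyrings create "$KEYRING" --location "$LOCATION"; }
create_key() {
  run_gcloud kms keys create "$KEY" --location "$LOCATION" \
    --keyring "$KEYRING" --purpose encryption
}
list_keys() { run_gcloud kms keys list --location "$LOCATION" --keyring "$KEYRING"; }

# Encrypt $1 into $1.encrypted with the symmetric key.
encrypt_file() {
  run_gcloud kms encrypt --location "$LOCATION" --keyring "$KEYRING" --key "$KEY" \
    --plaintext-file "$1" --ciphertext-file "$1.encrypted"
}
# Decrypt $1.encrypted into $1.decrypted.
decrypt_file() {
  run_gcloud kms decrypt --location "$LOCATION" --keyring "$KEYRING" --key "$KEY" \
    --ciphertext-file "$1.encrypted" --plaintext-file "$1.decrypted"
}

# Round-trip check: decrypted output must be byte-identical to the original,
# and the .encrypted file must not simply be a copy of the plaintext.
verify_round_trip() {
  cmp -s "$1" "$1.decrypted" && ! cmp -s "$1" "$1.encrypted"
}

main() {
  enable_api; create_keyring; create_key; list_keys
  encrypt_file "$FILE"; decrypt_file "$FILE"
  [ "${DRY_RUN:-0}" = "1" ] && return 0
  verify_round_trip "$FILE" || { echo "round trip FAILED" >&2; return 1; }
  echo "round trip OK"
}

# Executes only when invoked with the argument "run", e.g.: sh kms-lab.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Setting DRY_RUN=1 prints each gcloud command instead of executing it, which is useful for checking the key and file arguments before touching the project.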

Additional Resources

Your company has recently received a government contract to store sensitive documents. You have been asked to get familiar with Cloud KMS to better understand the process of encrypting and decrypting files.

You’ll need to complete the following steps to accomplish your task:

  1. Enable Cloud KMS.
  2. Create a keyring.
  3. Retrieve files from the repo.
  4. Encrypt the plain text document.
  5. Decrypt the encrypted document.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
