Setup HYOK for GCP
Per-Tenant Encryption Pricing
The Per-Tenant Encryption feature is part of the paid Security & Data Pro add-on. Contact your Ironclad account representative for more information about purchasing this package.
See an overview of the Security & Data Pro Add-on in our Help Center
Hold Your Own Key (HYOK) with GCP
-
Enable advanced data encryption under company settings β settings and click on save changes button on bottom right (appears once you check box advanced data encryption)
-
Now click on
configure encryption
button which should take you to the following screen with three options: -
Select option b from step 2 and then click Next to select the location where your root key will be stored:
-
Select Google Cloud Key Management and then select on Guide me through creating a new key for wrapping. Click next to view and copy the configuration code that you will have to run on GCP cloud shell.
-
Copy the code. You can adjust the
LOCATION
andKEYRING_ID
values to fit your needs. -
Now paste the code on cloud shell and run it to generate an ARN string of the key alias.
-
Copy the ARN string, paste it into onboarding page, and then apply the changes. Once you see the success message you should be all set and encryption policy is now is use.
Updated about 2 months ago