Managing Google EKM Cryptospace Endpoints
For an overview of EKM cryptospaces, refer to Managing Google EKM cryptospaces.
After coordinated keys are created in a CCKM cryptospace from Google Cloud KMS through a VPC connection, these keys (or endpoints) are displayed within the Cryptospaces Endpoints tab of the Google Cloud External Key Manager page in CCKM.
Steps to refresh, view, and update a Google EKM cryptospace endpoint using the CCKM GUI are provided on this page:
Refreshing EKM cryptospace endpoints
To refresh all EKM cryptospace endpoints:
Open the Cloud Key Manager application.
In the left pane, click Services > Google Cloud EKM. The Google Cloud External Key Manager page displays.
Click the Cryptospaces Endpoints tab. The list of cryptospace endpoints added to CCKM from Google Cloud KMS through a VPC connection is displayed.
Click Refresh.
The refreshed cryptospace endpoints are listed on the Cryptospaces Endpoints page.
Viewing EKM cryptospace endpoints
The Cryptospaces Endpoints tab shows the list of existing cryptospace endpoints residing within a given cryptospace. Search for endpoints by Google Key Name, Google Resource Name, Project, or Cryptospace.
To view the list of Google cryptospace endpoints available on CCKM:
Open the Cloud Key Manager application.
In the left pane, click Services > Google Cloud EKM. The Google Cloud External Key Manager page displays.
Click the Cryptospaces Endpoints tab. The list of cryptospace endpoints added to CCKM from Google Cloud KMS through a VPC connection is displayed. The tab displays the following details:
Field: Description
Google Key Name: Name of the Google key.
Project: Name of the project.
Location: Location of a cryptospace.
Key Type: EKM Key type. Options are either symmetric or asymmetric.
CryptoSpace: Cryptospace name.
CryptoSpace Type: Cryptospace type. There are two types of cryptospaces. One for EKM endpoints (ekm) and another for EKM UDE endpoints (ekm-ude).
Versions: Identifier of the latest version of the key. The latest version number will be the number of versions that the key contains.
Key Ring: The GCP Cloud KMS Key ring name corresponding to this cryptospace endpoint.
Google Resource Name: The name of the key that includes the full path to the resource.
Algorithm: EKM Key Algorithm. Supported values are EXTERNAL_SYMMETRIC_ENCRYPTION(AES256), RSA_SIGN_PSS_2048_SHA256, RSA_SIGN_PSS_3072_SHA256, RSA_SIGN_PSS_4096_SHA256, RSA_SIGN_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, EC_SIGN_P256_SHA256, EC_SIGN_P384_SHA38
To view the custom columns, click the Customize View icon, select the desired option, and click OK to display the column.
Viewing details of an EKM cryptospace endpoint
To view the details of a Google EKM cryptospace endpoint on CCKM:
Open the Cloud Key Manager application.
In the left pane, click Services > Google Cloud EKM. The Google Cloud External Key Manager page displays.
Click the Cryptospaces Endpoints tab. The list of cryptospace endpoints added to CCKM from Google Cloud KMS through a VPC connection is displayed.
On the Cryptospaces Endpoints tab, click the Name link of the desired cryptospace endpoint.
Alternatively, click the overflow icon corresponding to the desired cryptospace endpoint, and click View/Edit.
The edit view of the CryptoSpace Endpoints page shows additional details of the selected endpoint under the CRYPTOSPACE ENDPOINT POLICY and KEY VERSIONS sections. Note that CRYPTOSPACE ENDPOINT POLICY is uneditable.
Enabling or disabling a key version of an EKM cryptospace endpoint
From the edit view of the CryptoSpace Endpoints page, you can enable or disable a key version of a cryptospace endpoint in the KEY VERSIONS section.
To enable or disable a key version of a cryptospace endpoint on CCKM:
Under the KEY VERSIONS section, click the overflow icon corresponding to the desired key version.
Select Enable or Disable depending on the current configuration of the key version.