Google Cloud Projects
This section describes how to manage Google Cloud projects on CCKM. Before proceeding, make sure that a connection to a Google Cloud service account is configured on the CipherTrust Manager.
After you have configured a connection, Google Cloud projects can be added, modified, or deleted on the Projects tab of the Google page.
Adding a Google Cloud Project
To add a Google Cloud project on CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google. The Google page contains two tabs: Key Rings and Projects.
Click the Projects tab.
Click Add Existing Project. The Add Existing Google Project screen displays.
Under Select Method, select Select From List. This option allows you to select an existing project from a list of connections stored in CipherTrust Connection Manager.
The Manually Enter Project ID option allows you to manually enter a project ID to connect to a project without credentials. This option is only applicable if you are integrating the Google Cloud External Key Manager (EKM) service with CCKM to create and manage endpoints in CCKM for the Google Cloud EKM service to access Key Encryption Keys (KEKs).
Select the desired connection from the Connection drop-down list. The linked Google Cloud projects are auto-populated in the Project ID drop-down list.
Select the desired project ID from the Project ID drop-down list.
(Optional) Use the Enable success audit events toggle to enable or disable audit recording of successful operations within the given Google Cloud project. This toggle is enabled by default.
Click Add Project.
A success message is displayed on the screen and the selected project ID is displayed on the Projects tab.
Viewing Google Projects
The Projects tab shows the list of existing Google projects. Search for projects by Name or Connection.
To view the list of Google projects available on CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google. The Google page displays only the Google Cloud projects and key rings that have been added to CCKM, not all of those available on Google Cloud.
Click the Projects tab. The list of projects added to CCKM is displayed. The tab displays the following details:
Field: Description
Project ID: ID of the project.
Name: Name of the project.
Connection: Name of the Google Cloud connection with the CipherTrust Manager.
Organization: Organization of the project.
Date Added: Time when the project was added to CCKM.
To view the custom columns, click the Customize View icon, select the desired option, and click OK to display the column.
Viewing Details of a Google Cloud Project
To view the details of a Google Cloud project on CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google.
Click the Projects tab. The list of projects added to CCKM is displayed.
On the Projects tab, click the Name link of the desired project.
Alternatively, click the overflow icon corresponding to the desired project, and click View/Edit.
The edit view of the Google Projects page shows additional details of the selected project under the ACCESS CONTROL and GENERAL INFO sections.
Update General Information for a Google Project
The details page of a Google project displays the Connection name, which cannot be edited, along with the Enable success audit events toggle. This toggle allows you to enable or disable audit recording of successful EKM operations within a Google project.
To update the Google project:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google.
Click the Projects tab. The list of projects added to CCKM is displayed.
On the Projects tab, click the Name link of the desired project.
Alternatively, click the overflow icon corresponding to the desired project, and click View/Edit.
The edit view of the Google Projects page shows additional details of the selected project under the ACCESS CONTROL and GENERAL INFO sections.
Under GENERAL INFO, use the Enable success audit events toggle to change the current setting.
Click Update.
Managing User Permissions on Google Cloud Projects
To work with Google Cloud, users/groups must have the minimum set of permissions that allows them to use Google Cloud resources, such as keys and Google Cloud projects. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only users who are members of the CCKM Users group will be granted permissions to perform operations on Google Cloud projects.
Adding Permissions for a User/Group
To add permissions for a user/group:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google.
Click the Projects tab.
On the Projects tab, click the Name link of the desired project.
Alternatively, click the overflow icon corresponding to the desired project, and click View/Edit.
In the ACCESS CONTROL section, click Assign User/Group. The Assign User/Group dialog box is displayed.
Select the desired user or group from the User/Group drop-down list.
Click Save.
The newly added user/group is displayed under Name in the ACCESS CONTROL section. You can now grant additional permissions to the user/group, as appropriate. Refer to Granting Permission to Perform an Operation for details.
Allowed Operations
CCKM allows the following operations on Google Cloud projects for CryptoSpace(s): View, Create, Edit, Delete, Block, Unblock, and Unassign.
CCKM allows the following operations on Google Cloud projects for CryptoSpace Endpoints: View, Enable, Disable, and Unassign.
Granting Permission to Perform an Operation
To grant permissions to the user or group to perform any of the above-mentioned operations:
In the ACCESS CONTROL section, click the CryptoSpace(s) or CryptoSpace Endpoints tab.
Select the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
To revoke permissions from a user/group, refer to Removing a Permission for details.
Removing a Permission
To remove a permission assigned to a user or group:
In the ACCESS CONTROL section, click the CryptoSpace(s) or CryptoSpace Endpoints tab.
Clear the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
Removing Permission from a User/Group
To remove current permissions assigned to the user/group:
In the ACCESS CONTROL section, click the CryptoSpace(s) or CryptoSpace Endpoints tab.
Under Unassign, click the X button corresponding to the desired user/group.
On the Remove User / Remove Group screen, click Remove.
Note
Removing this user/group will remove all permissions currently assigned to the user/group.
Click Remove to confirm the action. To cancel the change, click Cancel.
A success message is displayed on the screen.
Removing a Google Cloud Project
Google Cloud projects can be removed from the Projects tab of the Google page. Search for the Google Cloud projects using Name or Connection.
To remove a Google Cloud project from CCKM:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Google.
Click the Projects tab. The list of projects added to CCKM is displayed.
Click the overflow icon corresponding to the project you want to remove.
Warning
The removed project's keys will no longer be available on the Google Keys page, but the keys will still exist on Google Cloud. If you later add this project with the same ID, the keys will be available again.
Select I wish to delete this project.
Click Delete Project.
The message "Project deleted successfully" is displayed on the screen.