KeyNexus
https://keynexus.net

Protect your Google Cloud encryption keys

KeyNexus <--> Google Cloud Client integration makes key management easy

KeyNexus for Google Cloud Overview

Google recognizes the need for strong, embedded encryption across their cloud offerings and that many enterprises require, or desire, the ability to control access to keys that secure this encryption.  Controlling access to these keys ensures separation of the lock and key.  As a result, Google Cloud now offers ‘Customer-Supplied Encryption Keys’ (CSEK) to Google Compute Engine (GCE) and Google Cloud Storage (GCS); see their Blog announcement here.

Google has solved the important issue of turning over key control and ownership to the customer.  At the same time enterprises still need a sophisticated key management infrastructure that is cloud-accessible and capable of provisioning keys into Google Cloud workloads 24×7×365

The result?  A partnership between KeyNexus and Google Cloud.

Google Cloud Integrations

Google Compute Engine (GCE)

For GCE, KeyNexus integrates directly with the gcloud client interface to enable users to invoke native GCE volume encryption while leveraging their KeyNexus stored keys.  In this way, enterprises can have confidence that Google does not have access to their keys. Developers can configure and provision KeyNexus keys directly into Google Compute encryption. Both KeyNexus Enterprise On-Prem and KeyNexus Cloud can be leveraged with this gcloud client integration. With either KeyNexus platform, creating and configuring keys on KeyNexus is a snap.  A gcloud client configured interface connects with KeyNexus to securely provision the appropriate keys when required. Keys are then securely and directly injected into Google’s encryption service. KeyNexus also provides simple instructions for configuration and routine key rotation.

Google Cloud Storage (GCS)

Google now supports native encryption with GCS via their customer supplied keys (CSEK). For GCS, KeyNexus integrates directly with Google’s gsutil SDK.  As with GCE, developers can configure and provision KeyNexus keys directly into GCS encryption. Both KeyNexus Enterprise On-Prem and KeyNexus Cloud can be leveraged with this GCS integration.  KeyNexus also provides simple instructions for configuration and routine key rotation.

KeyNexus VM as a Google Cloud image

KeyNexus is now available as a self-contained Google Cloud image for those customers wishing to deploy the on-premise version of KeyNexus in their public cloud environment. Nodes of KeyNexus can be simultaneously deployed across many differing cloud platforms with some nodes also residing on-prem if desired.

If you’re looking for universal key storage and management, integrated with Google Cloud CSEK, please contact us.