Stay organized with collections
Save and categorize content based on your preferences.
Cloud Deploy, along with its dependent services, lets you manage
your own encryption keys for storage and transit of any user data.
Cloud Deploy data
Cloud Deploy stores resource data encrypted. This storage does not include
any user data.
Cloud Deploy dependent services can use customer-managed encryption keys.
The sections that follow address the practices of each dependent service.
Cloud Build
Render and deploy operations are performed through Cloud Build,
which is CMEK compliant. For more information on configuring Cloud Build
to be CMEK compliant, see the Cloud Build documentation.
Rendering source and rendered manifests are stored in Cloud Storage
buckets.
Cloud Build stores its logs using Cloud Logging,
and Cloud Deploy explicitly turns off Cloud Storage logging
for use with Cloud Deploy.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Cloud Deploy allows for the management of encryption keys for both data storage and transit, ensuring the security of user data."],["Cloud Deploy relies on Cloud Build for rendering and deployment operations, which is compliant with Customer-Managed Encryption Keys (CMEK), and its associated logs are stored in Cloud Logging."],["Utilizing custom Cloud Storage buckets, configured for CMEK, is essential for employing CMEK with Cloud Deploy, involving the specification of storage locations for rendering source files and rendered manifests."],["Pub/Sub topics used by Cloud Deploy for publishing notifications can be configured to use customer-managed encryption keys, enhancing data protection."],["Cloud Deploy and its services utilize Cloud Logging, which can be configured for CMEK, providing a secure logging environment."]]],[]]
