Migrate to Virtual Machines always encrypts the migrated data at rest. In addition to this, Migrate to Virtual Machines supports Customer-managed encryption keys (CMEK) that lets you encrypt the following data:
- Data stored internally during a migration
- Data on target Virtual Machine (VM) instances and VM disks
The following sections describe these scenarios is more detail.
Use CMEK to encrypt data stored during a migration
To encrypt data stored during a migration using CMEK, you must provide a reference to a KMS key when creating a migration source. For instructions on using CMEK to encrypt data during a migration from various migration sources, see the following topics:
Use CMEK to encrypt data on target VM instances and VM disks
To encrypt data on target VM instances and VM disks using CMEK, you must provide a reference to a KMS key in the target details. For instructions on setting CMEK in the target details, see setting CMEK for VM instances and setting CMEK for VM disks.