Migrate volumes to CMEK

This page provides instructions for how to migrate your volumes to customer-managed encryption key (CMEK).

Before you begin

Volumes and their container storage pools can migrate from using Google-managed encryption keys to using CMEK.

If you choose to migrate volumes to a CMEK policy, all volumes in the specified region migrate to the CMEK policy. The CMEK policy setting applies to all storage pools in the region.

Migrate volumes to CMEK

Use the following instructions to migrate volumes to CMEK using the Google Cloud console or Google Cloud CLI.

Console

Use the following instructions to migrate volumes to CMEK using the Google Cloud console:

  1. Go to the NetApp Volumes page in the Google Cloud console.

    Go to NetApp Volumes

  2. Select CMEK policies.

  3. Find the CMEK policy you want to edit and click Show more.

  4. Select Migrate volumes to CMEK.

  5. Complete the CMEK policy name field to confirm migration.

  6. Click Migrate.

gcloud

Use the following instructions to migrate volumes to CMEK using Google Cloud CLI:

Trigger a key migration:

  gcloud netapp kms-configs encrypt CONFIG_NAME \
    --project=PROJECT_ID \
    --location=LOCATION \

Replace the following information:

  • CONFIG_NAME: the name of the config.

  • PROJECT_ID: the name of the project the volume is in.

  • LOCATION: the region of the config you want to delete.

For more options, see Google Cloud SDK documentation for Cloud Key Management Service.

What's next

Integrate Active Directory.