CustomerEncryptionKey(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A customer-managed encryption key (CMEK) for the Compute Engine
resources of the associated workstation configuration. Specify the
name of your Cloud KMS encryption key and the default service
account. We recommend that you use a separate service account and
follow Cloud KMS best
practices <https://cloud.google.com/kms/docs/separation-of-duties>
__.
Attributes |
|
---|---|
Name | Description |
kms_key |
str
Immutable. The name of the Google Cloud KMS encryption key. For example, "projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME" .
The key must be in the same region as the workstation
configuration.
|
kms_key_service_account |
str
Immutable. The service account to use with the specified KMS key. We recommend that you use a separate service account and follow KMS best practices. For more information, see `Separation of duties |