A customer-managed encryption key (CMEK) for the Compute Engine
resources of the associated workstation configuration. Specify the
name of your Cloud KMS encryption key and the default service
account. We recommend that you use a separate service account and
follow Cloud KMS best
practices <https://cloud.google.com/kms/docs/separation-of-duties>__.
Attributes
Name
Description
kms_key
str
Immutable. The name of the Google Cloud KMS encryption key.
For example,
"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME".
The key must be in the same region as the workstation
configuration.
kms_key_service_account
str
Immutable. The service account to use with the specified KMS
key. We recommend that you use a separate service account
and follow KMS best practices. For more information, see
`Separation of
duties
