Important for Existing Customers/AW Folder Owners:
To ensure your environment meets current sovereignty and security standards, please visit Onboarding page and apply the highly recommended settings for existing Assured Workloads Folder and verify that all the checkmarks are green under "Assured Workloads Folder Details" page.
How to create an EKM key:
IMPORTANT: Once a key has been created following this documentation, the key version must be promoted. This is what is stated in the documentation: When you create a coordinated external key for Cloud EKM, note that manually created key versions aren't automatically set as the primary key version. To set it as a primary key, see Rotate a key:.
Assured Workloads Quick Start Guide | Google Cloud
Supported products within sovereign operations controls | Google Cloud
Create an Assured Workload folder | Sovereign Controls by Partners | Google Cloud
Cloud KMS resources | Google Cloud
Best practices for using CMEKs | Google Cloud
Enable and disable key versions | Google Cloud
Destroy and restore key versions | Google Cloud
Key rotation | Cloud KMS Documentation | Google Cloud
Rotate a key | Cloud KMS Documentation | Google Cloud
Re-encrypting data | Cloud KMS Documentation | Google Cloud
Create an asymmetric key | Cloud KMS Documentation | Google Cloud