Using Cryptographic Security Platform Vault as a GCP EKM Provider

You can now use the Cryptographic Security Platform Vault for Cloud Keys as an External Key Manager (EKM) provider for GCP Cloud Key Management Service (KMS). GCP supports the following types of EKM:

  • Manual key creation—The keys are created in the Cryptographic Security Platform Vault for Cloud Keys, and the key URI is copied to the GCP console to establish the link.

  • Coordinated keys—The keys are created using the interface in the GCP console.

The key resides in the Cryptographic Security Platform Vault for Cloud Keys and is never moved to GCP no matter which type of EKM you choose.