Go to the Google Cloud Key Management Dashboard
Perform the following step to go to the Google Cloud Management Dashboard:Create a new Key Ring
Perform the following steps to create a new Key Ring:In the Create key ring wizard. perform the following steps:
- Enter a name for the key ring. Key ring names can only contain letters, numbers, underscores (_), and hyphens (-). They can’t be renamed or deleted.
- Select Region as the Location type (EKM does not support Multi-region). Then, in the drop-down menu, select the Google region where you want to create the key ring.
- Select [ Create ].
Note the following regarding the key ring location:
- Cloud EKM needs to be able to reach your keys quickly to avoid an error. When creating a Cloud EKM key, choose a Google Cloud location that is geographically near the location of the CryptoHub.
- You can use Cloud EKM in any Google Cloud location supported for Cloud KMS, except for global.
Note the Service Account email address
After the Key Ring is created, the browser redirects to the key creation wizard. Perform the following steps to find the IP address:Reminder:The Google EKM service account calling your endpoint follows this format:
service-[PROJECT_NUMBER]@gcp-sa-ekms.iam.gserviceaccount.com. You’ll see calls from this principal.