Appendix A: Google VPC and KMS infrastructure setup
This appendix demonstrates how to configure the Google EKM service to connect to VirtuCrypt through a Google Virtual Private Cloud (VPC) network.

You must have appropriate permissions within your Google Cloud project, and you must enable the Cloud Key Management Service (KMS) and Cloud EKM APIs for your project.

Before proceeding, you need your VirtuCrypt instance hostname, TLS certificate, and crypto space path. Contact VirtuCrypt support for assistance.

Perform the following steps to configure KMS infrastructure:

1. In the Google Cloud console, go to the Key Management page.
2. Select [KMS infrastructure].
3. Select [Create connection].
4. In the Create EKM via VPC connection wizard, perform the following steps:
   a. Enter a name for the connection.
   b. Select a region. It must be in the same region as the VPC network.
   c. Enter the resource ID (self link) of the Service Directory service to use with this connection, which you created in the first section of this integration guide. The service must point to your external key manager IP address and must be in the same region as this connection.
   d. Enter the EKM hostname. It should match the common name of the TLS certificate.
   e. Upload the external key manager's X.509 server certificates in DER format.
   f. Select Cloud KMS as the EKM management mode and specify a crypto space path (such as gekms/gapi/v0/cryptospaces/0147e96a-8698-0002-0030-e1e51ee48252).
   g. (Optional) Set default. This uses this interface for all keys by using external through VPC connection as default.
5. Select [Create].
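A pre-flight check for the values entered in the wizard above, added here as an example (it is not VirtuCrypt or Google code): it confirms that the Service Directory service is in the connection's region, that the certificate is DER rather than PEM, and that its Common Name matches the EKM hostname. The `projects/.../locations/.../namespaces/.../services/...` resource ID layout is an assumption, and the function names and the sample certificate are constructed for illustration.

```python
import re

CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def tlv(buf, pos=0):  # read one DER element: (tag, value, next_pos)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0  # long form: count of length bytes
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    return tag, buf[pos + n:pos + n + length], pos + n + length

def children(value):  # split SEQUENCE/SET content into (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def subject_cn(cert):
    """Return the subject Common Name of a DER X.509 certificate, or None."""
    tbs = [v for t, v in children(children(tlv(cert)[1])[0][1]) if t != 0xA0]
    for _, rdn in children(tbs[4]):  # serial, sigAlg, issuer, validity, subject
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)[:2]
            if oid == CN_OID:
                return val.decode("utf-8")
    return None

def preflight(region, sd_service, hostname, cert):
    """Return the problems found in the values destined for the wizard."""
    problems = []
    m = re.fullmatch(r"projects/[^/]+/locations/([^/]+)/namespaces/[^/]+/services/[^/]+", sd_service)
    if not m or m.group(1) != region:
        problems.append("Service Directory service is not in the connection's region")
    if cert.lstrip().startswith(b"-----BEGIN"):
        problems.append("certificate is PEM, not DER")
        return problems
    try:
        cn = subject_cn(cert)
    except (IndexError, ValueError):  # truncated or malformed DER
        cn = None
    if cn is None or cn.lower() != hostname.lower():
        problems.append(f"certificate CN {cn!r} does not match {hostname!r}")
    return problems

def sample_cert(cn):  # constructed DER skeleton: no key, no signature, lengths < 128
    seq = lambda tag, *parts: bytes([tag, len(b"".join(parts))]) + b"".join(parts)
    name = lambda s: seq(0x30, seq(0x31, seq(0x30, seq(0x06, CN_OID), seq(0x0C, s.encode()))))
    tbs = seq(0x30, seq(0xA0, b"\x02\x01\x02"), seq(0x02, b"\x01"), seq(0x30), name("Constructed CA"),
              seq(0x30, seq(0x17, b"250101000000Z") * 2), name(cn))
    return seq(0x30, tbs)
```

To check real values, pass the bytes of the certificate file you intend to upload as `cert`; an empty list means the three checks passed.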