Set up Google Cloud External Key Manager (EKM) initially

to set up ekm the first time, perform the steps in this section in the google dashboard to create a new key ring and find the service account address go to the dashboard perform the following steps to go to the google cloud key management dashboard from the main google cloud dashboard, enter key management in the search bar at the top of the page select key management security service create a new key ring perform the following steps to create a new key ring from the key management dashboard, select \[ create key ring ] at the top of the page in the create key ring wizard, enter a name for the key ring key ring names can only contain letters, numbers, underscores ( ), and hyphens ( ) you can't rename or delete them select region as the location type (ekm does not support multi region) in the drop down menu, select the google region where you want to create the key ring select \[ create ] note the following regarding the key ring location cloud ekm must be able to access your keys quickly to prevent errors when creating a cloud ekm key, choose a google cloud location that is geographically near the location of the {{k3}} you can use cloud ekm in any google cloud location supported for cloud kms, except for global find the service account email address after you create the key ring, the browser redirects to the key creation wizard perform the following steps to find the service account email address enter a name for the key in the key creation wizard select external as the protection level for the key select either via internet or via vpc as the external key manager (ekm) connection type select \[ continue ] note the service account email address in the key material section the service account email address is copied later to the email field of the identity that google uses to interact with the {{k3}} you return to this dialog in the google cloud dashboard after creating a google crypto space on the {{k}} in an upcoming section