Protecting models with customer-managed encryption keys

BigQuery ML supports customer-managed encryption keys (CMEK). Along with the default encryption provided by BigQuery, customers can now start using their own Cloud KMS keys for encrypting ML models. We also support encrypting imported TensorFlow models.

Learn more about protecting data with Cloud KMS keys in BigQuery.

Create an encrypted model with a Cloud KMS key

To create an encrypted model, use the CREATE MODEL statement and specify KMS_KEY_NAME among the training options.

CREATE MODEL my_dataset.my_model
OPTIONS(
  model_type='linear_reg',
  input_label_cols=['your_label'],
  kms_key_name='projects/my_project/locations/my_location/keyRings/my_ring/cryptoKeys/my_key')
AS SELECT * FROM my_dataset.my_data

The same option also applies to TensorFlow model import. An imported model has no training query, so the statement takes no AS clause, and the saved model is referenced with the MODEL_PATH option:

CREATE MODEL my_dataset.my_model
OPTIONS(
  model_type='tensorflow',
  model_path='gs://bucket/path/to/saved_model/*',
  kms_key_name='projects/my_project/locations/my_location/keyRings/my_ring/cryptoKeys/my_key')

Determine if a model is protected by Cloud KMS

When a model is protected by a Cloud KMS key, the key can be shown with the bq show command. The key used for encryption is listed under kmsKeyName.

bq show -m my_dataset.my_model

You can also use the BigQuery UI to find the Cloud KMS key of an encrypted model. Learn more about how to show the Cloud KMS key in BigQuery.
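As an added audit check that is not part of the original page: the Python below parses the JSON form of the bq show output (bq show --format=prettyjson -m my_dataset.my_model; a constructed sample is embedded) and confirms that the model is CMEK-protected, that kmsKeyName is the key you expect, that it is a well-formed Cloud KMS resource name, and that the key's location matches the model's location, which BigQuery requires. The field names encryptionConfiguration.kmsKeyName and location are those of the BigQuery model resource; model_kms_key and audit_model_cmek are hypothetical helper names.

```python
import json
import re

# Cloud KMS key resource name, the same format used for KMS_KEY_NAME / kmsKeyName.
KMS_KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$"
)

# Constructed sample of `bq show --format=prettyjson -m my_dataset.my_model` output,
# reduced to the fields this check needs (real output carries many more).
SAMPLE_MODEL_JSON = """
{
  "modelReference": {"projectId": "my_project", "datasetId": "my_dataset", "modelId": "my_model"},
  "modelType": "LINEAR_REGRESSION",
  "location": "US",
  "encryptionConfiguration": {
    "kmsKeyName": "projects/my_project/locations/us/keyRings/my_ring/cryptoKeys/my_key"
  }
}
"""


def model_kms_key(model_json: str):
    """Return the model's kmsKeyName, or None if it relies on Google-managed encryption."""
    model = json.loads(model_json)
    return model.get("encryptionConfiguration", {}).get("kmsKeyName")


def audit_model_cmek(model_json: str, expected_key: str) -> dict:
    """Report whether the model is CMEK-protected by expected_key and whether the
    key's location agrees with the model's location (the two must match)."""
    model = json.loads(model_json)
    key = model_kms_key(model_json)
    result = {"cmek": key is not None, "expected_key": False, "location_ok": False, "key": key}
    if key is None:
        return result  # Google-managed encryption: nothing more to check
    match = KMS_KEY_RE.match(key)
    if match is None:
        return result  # not a well-formed Cloud KMS key resource name
    result["expected_key"] = key == expected_key
    # BigQuery reports multi-regions in upper case ("US"); KMS locations are lower case ("us").
    result["location_ok"] = match.group("location").lower() == model.get("location", "").lower()
    return result


if __name__ == "__main__":
    print(audit_model_cmek(SAMPLE_MODEL_JSON,
                           "projects/my_project/locations/us/keyRings/my_ring/cryptoKeys/my_key"))
```

Pipe real bq show --format=prettyjson -m output into audit_model_cmek to spot models that silently fell back to default encryption or were re-keyed to an unexpected key.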

Change the Cloud KMS key for an encrypted model

Use the bq update command with the --destination_kms_key flag to change the key for a model protected by Cloud KMS.

bq update --destination_kms_key \
projects/my_project/locations/my_location/keyRings/my_ring/cryptoKeys/my_key \
-t my_dataset.my_model

Learn more about how to change the key in BigQuery.

Project and dataset default Cloud KMS key

Users may set up default Cloud KMS keys at the project level and/or the dataset level in BigQuery. BigQuery ML also honours these default keys when creating models. When a project has a default Cloud KMS key, a model created within that project is automatically encrypted with the default key. Users can still specify their own key in the training options to encrypt the model. The same applies to a dataset that has a default key.

Learn more about setting a dataset default key in BigQuery.

Other BigQuery ML functions

All other BigQuery ML functions, including evaluation functions (ML.EVALUATE, ML.ROC_CURVE, ML.CONFUSION_MATRIX), prediction functions (ML.PREDICT), and model and feature inspection functions (ML.TRAINING_INFO, ML.FEATURE_INFO, ML.WEIGHTS, ML.CENTROIDS), can be used with an encrypted model without specifying its encryption key.