Container Registry stores container images in Cloud Storage. Cloud Storage always encrypts your data on the server side.
If you have compliance or regulatory requirements, you can encrypt your container images using customer-managed encryption keys (CMEK). CMEK keys are managed in Cloud Key Management Service. When you use CMEK, you can temporarily or permanently disable access to an encrypted container image by disabling or destroying the key.
If you have not done so, push an image to Container Registry. The storage bucket does not use a CMEK key yet.
In Cloud Storage, configure the storage bucket to use the CMEK key.
- Learn more about managing Container Registry images.
- Learn more about CMEK
- Learn more about Cloud Storage