You can use Cloud Monitoring to monitor your external key manager (EKM) connection. The following metrics can help you understand your EKM usage:
This page shows you how to create a dashboard to track metrics related to your Cloud EKM keys and external key manager connection, such as request counts and latencies. For more information about these metrics, see cloudkms metrics. For more information about the dashboard creation process described in the following sections, see Managing dashboards by API.
Before you begin
The steps on this page assume the following:
- You already have Cloud EKM set up in a project, including an EKM connection and one or more external keys.
To get the permissions that you need to create dashboards using the gcloud CLI, ask your administrator to grant you the following IAM roles on your project:
Monitoring Dashboard Configuration Editor (
Service Usage Consumer (
For more information about granting roles, see Manage access.
These predefined roles contain the permissions required to create dashboards using the gcloud CLI. To see the exact permissions that are required, expand the Required permissions section:
The following permissions are required to create dashboards using the gcloud CLI:
You might also be able to get these permissions with custom roles or other predefined roles.
Create a dashboard to monitor your EKM
To monitor the status of your EKM, create a dashboard that monitors your request count and latencies:
Download the dashboard configuration:
Create a custom dashboard with the configuration file by running the following command:
gcloud monitoring dashboards create \ --config-from-file=ekm-dashboard.json
View your EKM dashboard
In the Google Cloud console, go to the Monitoring page, or use the following button:
Select Resources > Dashboards and view the dashboard named Cloud KMS EKM.
- Explore your data across various metric dimensions using Metrics Explorer.
- Optional: Create alerting policies.