This page provides instructions for how to migrate your volumes to customer-managed encryption key (CMEK).
Before you begin
Volumes and their container storage pools can migrate from using Google-managed encryption keys to using CMEK.
If you choose to migrate volumes to a CMEK policy, all volumes in the specified region migrate to the CMEK policy. The CMEK policy setting applies to all storage pools in the region.
Migrate volumes to CMEK
Use the following instructions to migrate volumes to CMEK using the Google Cloud console or Google Cloud CLI.
Use the following instructions to migrate volumes to CMEK using the Google Cloud console:
Go to the NetApp Volumes page in the Google Cloud console.
Select CMEK policies.
Find the CMEK policy you want to edit and click Show more.
Select Migrate volumes to CMEK.
Complete the CMEK policy name field to confirm migration.
Use the following instructions to migrate volumes to CMEK using Google Cloud CLI:
Trigger a key migration:
gcloud netapp kms-configs encrypt CONFIG_NAME
Replace the following information:
CONFIG_NAME: the name of the config.
PROJECT_ID: the name of the project the volume is in.
LOCATION: the region of the config you want to delete.
For more options, run the following command:
gcloud netapp kms-configs verify --help