Skip to content
SSL
Visit SSL on GitHub
Set theme to dark (⇧+D)

Google Cloud HSM

This tutorial uses Google Cloud HSM — a FIPS 140-2 Level 3 certified implementation.


Before you start

Make sure that you have:


1. Create a key ring

To set up the Google Cloud HSM, create a key ring and indicate its location.


2. Create a key

Create a key, including the following information:

FieldValue
Key ringThe key ring you created in Step 2
Protection levelHSM
PurposeAsymmetric Encrypt

3. Import the private key

After creating a key ring and key, import the private key.


4. Modify your gokeyless config file and restart the service

Once you’ve imported the key, copy the Resource name from the UI. Then, add this value to the gokeyless YAML file under private_key_stores.

With the config file saved, restart gokeyless and verify it started successfully.

$ sudo systemctl restart gokeyless.service$ sudo systemctl status gokeyless.service -l