Google Cloud KMS

Overview

QCecuring integrates with Google Cloud Key Management Service to provide unified visibility and governance over cryptographic keys used across Google Cloud workloads. Organizations gain centralized control over key rotation, access policies, and compliance reporting.

Key capabilities

• Discovery and inventory of all key rings, keys, and key versions across GCP projects.
• Policy enforcement for key algorithms, protection levels, and rotation schedules.
• Centralized audit trail of key usage and administrative operations.
• Automated key rotation workflows aligned with organizational compliance requirements.
• Unified dashboard spanning Google Cloud KMS, Azure Key Vault, and on-prem HSMs.

Typical use cases

• Organizations using Google Cloud KMS for encryption of data at rest and in transit.
• Security teams requiring unified key governance across multiple cloud providers.
• Compliance programs mandating documented key rotation and access control policies.

High-level integration flow

1. Configure a GCP service account with Cloud KMS Viewer and appropriate IAM roles for QCecuring.
2. The platform inventories key rings, cryptographic keys, and their protection levels across projects.
3. Keys are normalized into QCecuring’s inventory with metadata for owners, applications, and policies.
4. Rotation schedules and policy checks run continuously, alerting on non-compliant configurations.
5. Reports provide unified visibility into key health and compliance across all connected key stores.

CBOM Discovery

QCecuring enumerates cryptographic keys in Cloud KMS, capturing algorithm types, key versions, protection levels, and rotation schedules for your CBOM inventory.