You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/operate/rc/security/manage-encryption-keys.md
+13-5Lines changed: 13 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,13 @@ All data on Redis Cloud is [encrypted at rest]({{< relref "/operate/rc/security/
16
16
17
17
Redis Cloud Pro users can choose to use self-managed encryption keys for persistent storage for all databases in a subscription.
18
18
19
-
## Benefits of self-managed encryption
19
+
## Self-managed encryption use cases and benefits
20
+
21
+
Self-managed persistent storage encryption allows you to:
22
+
-**Shield sensitive data**: With Self-managed persistent storage encryption, you can stop sensitive data exposure by revoking key access at any time.
23
+
-**Meet security and compliance requirements**: With self-managed persistent storage encryption, you may be able to easier meet compliance standards for data security and privacy protection.
24
+
25
+
Consider using self-managed persistent storage encryption if you have specific organizational needs or requirements for data security.
20
26
21
27
## Prerequisites
22
28
@@ -78,6 +84,8 @@ To grant Redis access to a key on Google Cloud:
78
84
79
85
1. From your subscription page on the Redis Cloud console, copy the provided Redis service account name.
80
86
87
+
{{<imagefilename="images/rc/cmek-access-roles-google.png"alt="The Grant Redis your customer-managed key section shows the service account needed to add as a principal."width=80% >}}
88
+
81
89
1. Go to [Key management](https://console.cloud.google.com/security/kms) on the Google Cloud console and locate your key.
82
90
83
91
1. Add the provided service account as a principal for your key, with one of the following Role options:
@@ -90,15 +98,15 @@ To grant Redis access to a key on Google Cloud:
90
98
91
99
1. Return to the Redis Cloud console. In your subscription page, enter your key's resource name in the **Key resource name** field.
92
100
101
+
{{<imagefilename="images/rc/cmek-provide-resource-name-google.png"alt="The Provide the name of your customer-managed key section lets you provide your key to Redis."width=80% >}}
102
+
93
103
At this point, Redis Cloud will check to see if it can access your key. If it can't access your key, make sure that you've added the correct permissions to your key, that the key is available in the database's cloud provider region, and that you have correctly entered your key's resource name.
94
104
95
105
<!-- 1. Choose a **Deletion grace period** from the list. If Redis Cloud loses access to your key, Redis will notify you and delete your key after the selected grace period. During the grace period, you must provide a new key to prevent data loss. -->
96
106
97
-
1. After you finish granting access to your key, you can save your changes.
98
-
99
-
- For a new subscription, select **Activate** to activate your subscription and start billing.
100
-
107
+
1. After you finish granting access to your key, you can save your changes. For a new subscription, select **Activate** to activate your subscription and start billing.
0 commit comments