Default encryption at rest | Documentation | Google Cloud
<!doctype html> <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="canonical" href="https://cloud.google.com/docs/security/encryption/default-encryption"> <title>Default encryption at rest | Documentation | Google Cloud</title> </head> <body>
class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Interact with Google Cloud</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/get-started/interact-with-resources" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/get-started/interact-with-resources" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/get-started/interact-with-resources" ><span class="devsite-nav-text" tooltip>Interaction overview</span></a></li><li class="devsite-nav-item"><a href="/docs/accessibility" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/accessibility" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/accessibility" ><span class="devsite-nav-text" tooltip>Accessibility</span></a></li><li class="devsite-nav-item"><a href="/docs/shortcuts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/shortcuts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/shortcuts" ><span class="devsite-nav-text" tooltip>Keyboard shortcuts</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/billing/docs/concepts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /billing/docs/concepts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/billing/docs/concepts" ><span class="devsite-nav-text" tooltip>Learn about Cloud Billing</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" 
tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Committed use discounts</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/cuds" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/cuds" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/cuds" ><span class="devsite-nav-text" tooltip>Overview</span></a></li><li class="devsite-nav-item"><a href="/docs/cuds-attribution" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/cuds-attribution" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/cuds-attribution" ><span class="devsite-nav-text" tooltip>Attribution of commitments</span></a></li><li class="devsite-nav-item"><a href="/docs/cuds-recommender" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/cuds-recommender" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/cuds-recommender" ><span class="devsite-nav-text" tooltip>Recommendations</span></a></li><li class="devsite-nav-item"><a href="/docs/cuds-spend-based" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/cuds-spend-based" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/cuds-spend-based" ><span class="devsite-nav-text" tooltip>Spend-based CUDs</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/free/docs/gcp-free-tier" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /free/docs/gcp-free-tier" track-type="bookNav" track-name="click" track-metadata-eventdetail="/free/docs/gcp-free-tier" ><span class="devsite-nav-text" tooltip>Google Cloud Free 
Program</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Get started with Google Cloud</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Google Cloud setup</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/enterprise/setup-checklist" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/enterprise/setup-checklist" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/enterprise/setup-checklist" ><span class="devsite-nav-text" tooltip>Checklist</span></a></li><li class="devsite-nav-item"><a href="/docs/enterprise/deploy-foundation-using-terraform-from-console" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/enterprise/deploy-foundation-using-terraform-from-console" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/enterprise/deploy-foundation-using-terraform-from-console" ><span class="devsite-nav-text" tooltip>Deploy using Terraform</span></a></li><li class="devsite-nav-item"><a href="/docs/enterprise/manage-foundation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/enterprise/manage-foundation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/enterprise/manage-foundation" ><span class="devsite-nav-text" tooltip>Extend your 
setup</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Developer tools and APIs</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/get-started/access-apis" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/get-started/access-apis" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/get-started/access-apis" ><span class="devsite-nav-text" tooltip>Set up API access</span></a></li><li class="devsite-nav-item"><a href="/docs/get-started/developer-tools" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/get-started/developer-tools" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/get-started/developer-tools" ><span class="devsite-nav-text" tooltip>Use developer tools</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/docs/get-started/aws-azure-gcp-service-comparison" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/get-started/aws-azure-gcp-service-comparison" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/get-started/aws-azure-gcp-service-comparison" ><span class="devsite-nav-text" tooltip>Compare AWS and Azure services to Google Cloud</span></a></li><li class="devsite-nav-item"><a href="/architecture/framework" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /architecture/framework" track-type="bookNav" track-name="click" track-metadata-eventdetail="/architecture/framework" ><span 
class="devsite-nav-text" tooltip>Architecture Framework</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>General security guides</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/security" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security" ><span class="devsite-nav-text" tooltip>All general security guides</span></a></li><li class="devsite-nav-item"><a href="/docs/security/overview/whitepaper" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/overview/whitepaper" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/overview/whitepaper" ><span class="devsite-nav-text" tooltip>Security overview</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Infrastructure security</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/security/infrastructure/design" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/infrastructure/design" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/infrastructure/design" ><span class="devsite-nav-text" tooltip>Infrastructure security design overview</span></a></li><li class="devsite-nav-item"><a 
href="/docs/security/beyondprod" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/beyondprod" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/beyondprod" ><span class="devsite-nav-text" tooltip>BeyondProd</span></a></li><li class="devsite-nav-item"><a href="/docs/security/binary-authorization-for-borg" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/binary-authorization-for-borg" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/binary-authorization-for-borg" ><span class="devsite-nav-text" tooltip>Binary Authorization for Borg</span></a></li><li class="devsite-nav-item"><a href="/docs/security/boot-integrity" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/boot-integrity" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/boot-integrity" ><span class="devsite-nav-text" tooltip>Boot integrity</span></a></li><li class="devsite-nav-item"><a href="/docs/security/physical-to-logical-space" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/physical-to-logical-space" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/physical-to-logical-space" ><span class="devsite-nav-text" tooltip>Data center physical-to-logical space</span></a></li><li class="devsite-nav-item"><a href="/docs/security/remote-attestation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/remote-attestation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/remote-attestation" ><span class="devsite-nav-text" 
tooltip>Remote attestation</span></a></li><li class="devsite-nav-item"><a href="/docs/security/production-services-protection" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/production-services-protection" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/production-services-protection" ><span class="devsite-nav-text" tooltip>Production service protections</span></a></li><li class="devsite-nav-item"><a href="/docs/security/titanium-hardware-security-architecture" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/titanium-hardware-security-architecture" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/titanium-hardware-security-architecture" ><span class="devsite-nav-text" tooltip>Titanium hardware security architecture</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Encryption</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/security/encryption/default-encryption" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/encryption/default-encryption" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/encryption/default-encryption" ><span class="devsite-nav-text" tooltip>Encryption at rest</span></a></li><li class="devsite-nav-item"><a href="/docs/security/encryption-in-transit" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: 
/docs/security/encryption-in-transit" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/encryption-in-transit" ><span class="devsite-nav-text" tooltip>Encryption in transit</span></a></li><li class="devsite-nav-item"><a href="/docs/security/encryption-in-transit/application-layer-transport-security" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/encryption-in-transit/application-layer-transport-security" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/encryption-in-transit/application-layer-transport-security" ><span class="devsite-nav-text" tooltip>Application layer transport security</span></a></li><li class="devsite-nav-item"><a href="/docs/security/encryption/gcp-encryption-granularity" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/encryption/gcp-encryption-granularity" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/encryption/gcp-encryption-granularity" ><span class="devsite-nav-text" tooltip>Granularity of encryption for Google Cloud services</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Product-specific</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/security/key-management-deep-dive" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/key-management-deep-dive" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/key-management-deep-dive" ><span class="devsite-nav-text" 
tooltip>Cloud Key Management Service deep dive</span></a></li><li class="devsite-nav-item"><a href="/docs/security/cloud-hsm-architecture" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/cloud-hsm-architecture" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/cloud-hsm-architecture" ><span class="devsite-nav-text" tooltip>Cloud HSM architecture</span></a></li><li class="devsite-nav-item"><a href="/docs/security/reliable-ekm-architectures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/reliable-ekm-architectures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/reliable-ekm-architectures" ><span class="devsite-nav-text" tooltip>Reliable EKM architectures</span></a></li><li class="devsite-nav-item"><a href="/docs/security/encryption/customer-supplied-encryption-keys" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/encryption/customer-supplied-encryption-keys" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/encryption/customer-supplied-encryption-keys" ><span class="devsite-nav-text" tooltip>Customer-supplied encryption keys</span></a></li><li class="devsite-nav-item"><a href="/docs/security/confidential-space" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/confidential-space" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/confidential-space" ><span class="devsite-nav-text" tooltip>Confidential Space</span></a></li><li class="devsite-nav-item"><a href="/docs/security/implement-cdmc-framework" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" 
data-label="Book nav link, pathname: /docs/security/implement-cdmc-framework" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/implement-cdmc-framework" ><span class="devsite-nav-text" tooltip>CDMC framework in BigQuery</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/docs/security/data-loss-prevention/revoking-user-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/data-loss-prevention/revoking-user-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/data-loss-prevention/revoking-user-access" ><span class="devsite-nav-text" tooltip>Revoking access to Google Cloud</span></a></li><li class="devsite-nav-item"><a href="/docs/security/compromised-credentials" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/compromised-credentials" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/compromised-credentials" ><span class="devsite-nav-text" tooltip>Handle compromised credentials</span></a></li><li class="devsite-nav-item"><a href="/docs/security/respond-to-abuse-misuse" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/respond-to-abuse-misuse" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/respond-to-abuse-misuse" ><span class="devsite-nav-text" tooltip>Respond to abuse notifications</span></a></li><li class="devsite-nav-item"><a href="/docs/security/deletion" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/deletion" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/deletion" ><span class="devsite-nav-text" tooltip>Data deletion 
on Google Cloud</span></a></li><li class="devsite-nav-item"><a href="/docs/security/incident-response" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/security/incident-response" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/security/incident-response" ><span class="devsite-nav-text" tooltip>Data incident response process</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Authentication</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/authentication" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication" ><span class="devsite-nav-text" tooltip>Authentication methods</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Ways to authenticate</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/authentication/client-libraries" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/client-libraries" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/client-libraries" ><span class="devsite-nav-text" tooltip>Authenticate for using client libraries</span></a></li><li class="devsite-nav-item"><a 
href="/docs/authentication/gcloud" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/gcloud" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/gcloud" ><span class="devsite-nav-text" tooltip>Authenticate for using the gcloud CLI</span></a></li><li class="devsite-nav-item"><a href="/docs/authentication/rest" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/rest" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/rest" ><span class="devsite-nav-text" tooltip>Authenticate for using REST</span></a></li><li class="devsite-nav-item"><a href="/docs/authentication/use-service-account-impersonation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/use-service-account-impersonation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/use-service-account-impersonation" ><span class="devsite-nav-text" tooltip>Authenticate by using service account impersonation</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Application Default Credentials</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/authentication/provide-credentials-adc" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/provide-credentials-adc" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/provide-credentials-adc" 
><span class="devsite-nav-text" tooltip>Set up Application Default Credentials</span></a></li><li class="devsite-nav-item"><a href="/docs/authentication/application-default-credentials" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/application-default-credentials" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/application-default-credentials" ><span class="devsite-nav-text" tooltip>How Application Default Credentials works</span></a></li><li class="devsite-nav-item"><a href="/docs/authentication/troubleshoot-adc" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/troubleshoot-adc" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/troubleshoot-adc" ><span class="devsite-nav-text" tooltip>Troubleshoot your ADC setup</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>API keys</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/docs/authentication/api-keys-use" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/api-keys-use" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/authentication/api-keys-use" ><span class="devsite-nav-text" tooltip>Use API keys to access APIs</span></a></li><li class="devsite-nav-item"><a href="/docs/authentication/api-keys" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/authentication/api-keys" 
data-label="Breadcrumbs" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="" > Home </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/docs" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="2" track-type="globalNav" track-name="breadcrumb" track-metadata-position="2" track-metadata-eventdetail="Documentation" > Documentation </a> </li> </ul> </div> <devsite-feedback position="header" project-name="Documentation" product-id="83405" bucket="Documentation" context="" version="t-devsite-webserver-20241114-r00-rc02.464922260396498922" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="header" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/cloud/images/favicons/onecloud/super_cloud.png" > <button> Send feedback </button> </devsite-feedback> <h1 class="devsite-page-title" tabindex="-1"> Default encryption at rest </h1> <devsite-feature-tooltip ack-key="AckCollectionsBookmarkTooltipDismiss" analytics-category="Site-Wide Custom Events" analytics-action-show="Callout Profile displayed" analytics-action-close="Callout Profile dismissed" analytics-label="Create Collection Callout" class="devsite-page-bookmark-tooltip nocontent" dismiss-button="true" id="devsite-collections-dropdown" dismiss-button-text="Dismiss" close-button-text="Got it"> <devsite-bookmark></devsite-bookmark> <span slot="popout-heading"> Stay organized with collections </span> <span slot="popout-contents"> Save and categorize content based on your preferences. 
</span> </devsite-feature-tooltip> <div class="devsite-page-title-meta"><devsite-view-release-notes></devsite-view-release-notes></div> <devsite-toc class="devsite-nav" depth="2" devsite-toc-embedded > </devsite-toc> <div class="devsite-article-body clearfix "> <meta name="gtm_var" data-key="docType" data-value="whitepaper"> <p><em>This content was last updated in May 2024 and represents the status quo as of the time that it was written. Google's security policies and systems may change going forward, as we continually improve protection for our customers.</em></p> <p>At Google, our comprehensive security strategy includes encryption at rest, which helps to protect customer data from attackers. We encrypt all Google customer content at rest, without any action required by you, using one or more encryption mechanisms. This document describes our approach to default encryption at rest for Google infrastructure and Google Cloud, and how we use it to keep customer content more secure.</p> <p>This document is for security architects and security teams who are currently using or considering Google. This document assumes a basic understanding of <a href="https://wikipedia.org/wiki/Encryption" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">encryption</a> and <a href="https://wikipedia.org/wiki/Cryptographic_primitive" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">cryptographic primitives</a>. For more information on cryptography, see <a href="https://www.cs.umd.edu/%7Ejkatz/imc.html" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">Introduction to Modern Cryptography</a>.</p> <p>Encryption at rest is encryption that is used to help protect data that is stored on a disk (including solid-state drives) or backup media. 
All data that is stored by Google is encrypted at the storage layer using the Advanced Encryption Standard (AES) algorithm, AES-256. We use a common cryptographic library, Tink, which includes our FIPS 140-2 validated module (named <a href="/security/compliance/fips-140-2-validated" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external"><em>BoringCrypto</em></a>) to implement encryption consistently across Google Cloud.</p> <p>We own and manage the keys used in default encryption at rest. If you use Google Cloud, Cloud Key Management Service lets you create your own encryption keys that you can use to add envelope encryption to your data. Using Cloud KMS, you can create, rotate, track, and delete keys. For more information, see <a href="/docs/security/key-management-deep-dive" track-type="concepts" track-name="internalLink" track-metadata-position="body">Cloud Key Management Service deep dive</a>.</p> <h2 id="how_encryption_at_rest_helps_to_secure_data" data-text="How encryption at rest helps to secure data" tabindex="-1">How encryption at rest helps to secure data</h2> <p>Encryption at rest is one piece of a broader security strategy. Encryption has the following benefits:</p> <ul> <li>Helps to ensure that if data falls into an attacker's hands, the attacker cannot read the data without also having access to the encryption keys. 
Even if attackers obtain the storage devices that contain customer data, they won't be able to understand or decrypt it without the encryption keys.</li> <li>Helps to reduce the attack surface by cutting out the lower layers of the hardware and software stack.</li> <li>Acts as a chokepoint because centrally managed encryption keys create a single place where access to data is enforced and can be audited.</li> <li>Helps to reduce the attack surface because instead of having to protect all data, businesses can focus their protection strategies on the encryption keys.</li> <li>Provides an important privacy mechanism for our customers. When data is encrypted at rest, it limits the access that systems and engineers have to the data.</li> </ul> <h2 id="what_is_customer_data" data-text="What is customer data?" tabindex="-1">What is customer data?</h2> <p>As defined in the <a href="/terms" track-type="concepts" track-name="internalLink" track-metadata-position="body">Google Cloud Terms of Service</a>, <em>customer data</em> is data that customers or end users provide to Google through the services under their account.</p> <p>Customer content is data that you generate yourself or provide to us, like data stored in Cloud Storage buckets, Persistent Disk volumes, and disk snapshots used by Compute Engine. This document focuses on default encryption at rest for this type of customer data.</p> <p>Customer metadata is data about your customer content and includes auto-generated project numbers, timestamps, IP addresses, the byte size of an object in Cloud Storage, or the machine type in Compute Engine. Customer metadata is protected to a degree that is reasonable for ongoing performance and operations. 
This document doesn’t focus on the protections for metadata.</p> <p>Together, customer content and customer metadata make up customer data.</p> <h2 id="default_encryption_of_data_at_rest" data-text="Default encryption of data at rest" tabindex="-1">Default encryption of data at rest</h2> <p>Google encrypts all customer content stored at rest, without any action from you, using one or more encryption mechanisms. The following sections describe the mechanisms that we use to encrypt customer content.</p> <h3 id="layers_of_encryption" data-text="Layers of encryption" tabindex="-1">Layers of encryption</h3> <p>Google uses several layers of encryption to help protect data. Using multiple layers of encryption adds redundant data protection and allows us to select the optimal approach based on application requirements.</p> <p>The following diagram shows the several layers of encryption that are generally used to protect user data in Google production data centers. Either distributed file system encryption or database and file storage encryption is in place for all user data, and storage device encryption is in place for all data in Google production data centers.</p> <p><img src="/static/docs/security/encryption/default-encryption/resources/encryption-layers.svg" alt="The several layers of encryption."></p> <h3 id="hardware" data-text="Encryption at the hardware and infrastructure layer" tabindex="-1">Encryption at the hardware and infrastructure layer</h3> <p>All of Google's storage systems use a similar encryption architecture, though implementation details differ from system to system. Data is broken into subfile chunks for storage; each chunk can be up to several gigabytes in size. Each chunk is encrypted at the storage level with an individual data encryption key (DEK): two chunks won't have the same DEK, even if they are owned by the same customer or stored on the same machine. 
(A data chunk in Datastore, App Engine, and Pub/Sub may contain the data of multiple customers.)</p> <p>If a chunk of data is updated, it is encrypted with a new key, rather than by reusing the existing key. This partitioning of data, each using a different key, limits the risk of a potential data encryption key compromise to only that data chunk.</p> <p>Google encrypts data before it is written to a database storage system or hardware disk. Encryption is inherent in all of our storage systems, rather than added afterward.</p> <p>Each data chunk has a unique identifier. Access control lists (ACLs) help to ensure that each chunk can be decrypted only by Google services that operate with authorized roles, which are granted access only at that point in time. This access limitation helps to prevent access to the data without authorization, strengthening data security and privacy.</p> <p>Each chunk is distributed across our storage systems and is replicated in encrypted form for backup and disaster recovery. An attacker who wants to access customer data would need to know and be able to access two things: all of the storage chunks that correspond to the data that they want and all of the encryption keys that correspond to the chunks.</p> <p>The following diagram shows how data is uploaded to our infrastructure and then broken into encrypted chunks for storage.</p> <p><img src="/static/docs/security/encryption/default-encryption/resources/data-upload-chunks.svg" alt="How data is uploaded."></p> <p>We use the AES algorithm to encrypt data at rest. All data at the storage level is encrypted by DEKs, which use AES-256 by default, with the exception of a small number of <a href="/persistent-disk" track-type="concepts" track-name="internalLink" track-metadata-position="body">Persistent Disks</a> that were created before 2015 that use AES-128. 
AES is widely used because both AES-256 and AES-128 are recommended by the <a href="https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">National Institute of Standards and Technology (NIST)</a> for long-term storage use, and AES is often included as part of customer compliance requirements.</p> <h3 id="encryption_at_the_storage_device_layer" data-text="Encryption at the storage device layer" tabindex="-1">Encryption at the storage device layer</h3> <p>In addition to <a href="#hardware" track-type="concepts" track-name="internalLink" track-metadata-position="body">storage system level encryption</a>, data is also encrypted at the storage device level with AES-256 for hard disk drives (HDD) and solid-state drives (SSD), using a separate device-level key (which is different from the key used to encrypt the data at the storage level). A small number of legacy HDDs use AES-128. SSDs used by Google implement AES-256 for user data exclusively.</p> <h3 id="encryption_of_backups" data-text="Encryption of backups" tabindex="-1">Encryption of backups</h3> <p>Our backup system ensures that data remains encrypted throughout the backup process. This approach avoids unnecessarily exposing plaintext data.</p> <p>In addition, the backup system further encrypts most backup files independently with their own DEK. The DEK is derived from a key that is stored in Keystore and a randomly generated per-file seed at backup time. 
Another DEK is used for all metadata in backups, which is also stored in Keystore.</p> <h3 id="fips_compliance_for_data_at_rest" data-text="FIPS compliance for data at rest" tabindex="-1">FIPS compliance for data at rest</h3> <p>Google uses a <a href="/security/compliance/fips-140-2-validated" track-type="concepts" track-name="internalLink" track-metadata-position="body">FIPS 140-2 validated</a> encryption module <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">(certificate 4407)</a> in our production environment.</p> <h2 id="key_management" data-text="Key management" tabindex="-1">Key management</h2> <p>Because of the high volume of keys at Google, and the need for low latency and high availability, DEKs are stored near the data that they encrypt. DEKs are encrypted with (wrapped by) a key encryption key (KEK), using a technique known as <a href="/kms/docs/envelope-encryption" track-type="concepts" track-name="internalLink" track-metadata-position="body">envelope encryption</a>. These KEKs are not specific to customers; instead, one or more KEKs exist for each service.</p> <p>These KEKs are stored centrally in Keystore, a repository built specifically for storing keys. Having a smaller number of KEKs than DEKs and using a central Keystore makes storing and encrypting data at our scale manageable, and lets us track and control data access from a central point.</p> <aside class="note"><strong>Note:</strong><span> Keystore was formerly known as <em>Google's key management service</em>. It is different from Cloud KMS, which manages the encryption keys for Google Cloud customers and helps customers to create their tenant keys.</span></aside> <p>In Google Cloud, each customer can have shared and non-shared resources. An example of a shared resource is a shared base image in Compute Engine. 
For shared resources, multiple customers refer to a single copy, which is encrypted by a single DEK. Non-shared resources are split into data chunks and encrypted with keys that are separate from the keys used for other customers. These keys are even separate from those that protect other pieces of the same data owned by that same customer. There are exceptions (for example, Datastore, App Engine, or Pub/Sub) where more than one customer's data might be encrypted with the same DEK.</p> <h3 id="generating_deks" data-text="Generating DEKs" tabindex="-1">Generating DEKs</h3> <p>The storage system generates DEKs using Google's common cryptographic library. In general, DEKs are then sent to Keystore to be wrapped with that storage system's KEK, and the wrapped DEKs are passed back to the storage system to be kept with the data chunks. When a storage system needs to retrieve encrypted data, it retrieves the wrapped DEK and passes it to Keystore. Keystore then verifies that this service is authorized to use the KEK and, if so, unwraps and returns the plaintext DEK to the service. The service then uses the DEK to decrypt the data chunk into plaintext and verify its integrity.</p> <p>All Google Cloud storage systems adhere to this key management model, but most systems also implement additional levels of storage-side KEKs to create a hierarchy of keys. This allows the systems to provide low latency while using the highest-level KEK (stored in Keystore) as their root of trust.</p> <h3 id="generating_keks" data-text="Generating KEKs" tabindex="-1">Generating KEKs</h3> <p>Most KEKs for encrypting data chunks are generated within Keystore, and the rest are generated inside the storage services. For consistency, all KEKs are generated using Google's common cryptographic library, using a random number generator (RNG) built by Google. This RNG is based on NIST SP 800-90A Rev. 1 CTR_DRBG and generates an AES-256 KEK. 
(In the past, this was AES-128, and some of these keys remain active for decrypting data.)</p> <p>For Intel and AMD processors, the RNG is seeded from <a href="https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">RDRAND instruction</a> and the Linux kernel's RNG. In turn, the Linux kernel's RNG is seeded from multiple independent entropy sources, including RDRAND and entropic events from the data center environment (for example, fine-grained measurements of disk seeks and inter-packet arrival times). For Arm processors, the RNG is seeded from the Linux kernel's RNG.</p> <p>DEKs are wrapped with KEKs using AES-256 or AES-128, depending on the Google Cloud service. We are currently working on upgrading all KEKs for Google Cloud services to AES-256.</p> <h3 id="kek_management" data-text="KEK management" tabindex="-1">KEK management</h3> <p>Keystore was built solely for the purpose of managing KEKs. By design, KEKs used by storage systems aren't exportable from Keystore; all encryption and decryption with these keys must be done within Keystore. This helps to prevent leaks and misuse, and it enables Keystore to create an audit trail when keys are used.</p> <p>Keystore can automatically rotate KEKs at regular time intervals, using Google's common cryptographic library to generate new keys. Though we often refer to just a single key, we really mean that data is protected using a key set: one key is active for encryption, and a set of historical keys is active for decryption. The number of historical keys is determined by the key rotation schedule. KEKs are backed up for disaster recovery purposes, and they are indefinitely recoverable.</p> <p>The use of KEKs is managed by ACLs in Keystore for each key, with a per-key policy. Only authorized Google services and users are allowed to access a key. 
The use of each key is tracked at the level of the individual operation that requires that key—so every time that a user uses a key, the user is authenticated and logged. All data access by users is auditable as part of Google's overall security and privacy policies.</p> <h3 id="process_for_accessing_encrypted_chunks_of_data" data-text="Process for accessing encrypted chunks of data" tabindex="-1">Process for accessing encrypted chunks of data</h3> <p>When a Google service accesses an encrypted chunk of data, the following occurs:</p> <ol> <li>The service makes a call to the storage system for the data that it needs.</li> <li>The storage system identifies the chunks in which that data is stored (the chunk IDs) and where they are stored.</li> <li>For each chunk, the storage system pulls the wrapped DEK that is stored with that chunk (in some cases, this is done by the service) and sends it to Keystore for unwrapping.</li> <li>The storage system verifies that the identified job is allowed to access that data chunk based on a job identifier and using the chunk ID. Keystore verifies that the storage system is authorized to use the KEK that is associated with the service and to unwrap that specific DEK.</li> <li>Keystore does one of the following: <ul> <li>Passes the unwrapped DEK back to the storage system, which decrypts the data chunk and passes it to the service.</li> <li>In some rare cases, passes the unwrapped DEK to the service. The storage system passes the encrypted data chunk to the service, which decrypts the data chunk and uses it.</li> </ul></li> </ol> <p>This process is different in dedicated storage devices, where the device manages and protects the device-level DEK.</p> <p>The following diagram shows this process. 
To decrypt a data chunk, the storage service calls Keystore to retrieve the unwrapped DEK for that data chunk.</p> <p><img src="/static/docs/security/encryption/default-encryption/resources/process-encrypted-chunks.svg" alt="Process for accessing encrypted data chunks."></p> <h3 id="encryption_key_hierarchy_and_root_of_trust" data-text="Encryption key hierarchy and root of trust" tabindex="-1">Encryption key hierarchy and root of trust</h3> <p>Keystore is protected by a root key called the <em>keystore master key</em>, which wraps all of the KEKs in Keystore. This keystore master key is AES-256 and is itself stored in another key management service, called Root Keystore. (In the past, the keystore master key was AES-128, and some of these keys remain active for decrypting data.) For additional security, Root Keystore isn't run on general production machines, but instead is run only on dedicated machines in each Google data center.</p> <p>Root Keystore in turn has its own root key, called the <em>root keystore master key</em>, which is also AES-256 and is stored in a peer-to-peer infrastructure, which is called the <em>root keystore master key distributor</em>, and which replicates these keys globally. (In the past, the root keystore master key was AES-128, and some of these keys remain active for decrypting data.) The root keystore master key distributor only holds the keys in RAM on the same dedicated machines as Root Keystore, and it uses logging to verify proper use.</p> <p>When a new instance of the root keystore master key distributor is started, it is configured with a list of host names of already running distributor instances. Distributor instances can then obtain the root keystore master key from other running instances. 
Other than the disaster-recovery mechanisms described in <a href="#global" track-type="concepts" track-name="internalLink" track-metadata-position="body">Global availability and replication</a>, the root keystore master key exists only in RAM on a limited number of specially secured machines.</p> <p>To address the scenario where all instances of the root keystore master key distributor in a region restart simultaneously, the root keystore master key is also backed up on secure hardware devices that are stored in physical safes in highly secured areas in multiple geographically distributed locations. This backup would be needed only if all distributor instances in a region were to go down at once. Only a few Google employees can access these safes.</p> <p>The following diagram shows the encryption key hierarchy. The encryption key hierarchy protects a chunk of data with a DEK, wrapped with a KEK in Keystore, which is in turn protected by Root Keystore and the root keystore master key distributor.</p> <p><img src="/static/docs/security/encryption/default-encryption/resources/process-encryption-key-hierarchy.svg" alt="The encryption key hierarchy."></p> <h3 id="summary_of_key_management" data-text="Summary of key management" tabindex="-1">Summary of key management</h3> <p>The following list summarizes key management at Google:</p> <ul> <li>Data is chunked and encrypted with DEKs.</li> <li>DEKs are encrypted with KEKs.</li> <li>KEKs are stored in Keystore.</li> <li>Keystore is run on multiple machines in data centers globally.</li> <li>Keystore keys are wrapped with the Keystore master key, which is stored in Root Keystore.</li> <li>Root Keystore is much smaller than Keystore and runs only on dedicated machines in each data center.</li> <li>Root Keystore keys are wrapped with the root keystore master key, which is stored in the root keystore master key distributor.</li> <li>The Root Keystore master key distributor is a peer-to-peer infrastructure that runs concurrently 
in RAM on dedicated machines globally. Each machine gets its key material from other running instances in the region.</li> <li>In case all instances of the distributor in a region go down at once, the root keystore master key is also backed up on separate secure hardware devices that are kept in physical safes in a limited number of Google locations.</li> </ul> <h3 id="global" data-text="Global availability and replication" tabindex="-1">Global availability and replication</h3> <p>At every level, high availability, low latency, and global access to keys are critical. These characteristics are needed for key management services to be used across Google.</p> <p>For this reason, Keystore is highly scalable, and it is replicated thousands of times in our data centers globally. It is run on regular machines in our production fleet, and instances of Keystore run globally to support Google operations. As a result, the latency of any single key operation is very low.</p> <p>Root Keystore is run on several machines dedicated to security operations in each data center. The Root Keystore master key distributor is run on these same machines, one-to-one with Root Keystore. The Root Keystore master key distributor provides a distribution mechanism using a <a href="https://dl.acm.org/citation.cfm?doid=41840.41841" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">gossiping protocol</a>. At a fixed time interval, each instance of the distributor picks a random other instance to compare its keys with and reconciles any differences in key versions. With this model, there is no central node that all of our infrastructure depends on. 
This distribution method lets us maintain and protect key material with high availability.</p> <h2 id="googles_common_cryptographic_library" data-text="Google's common cryptographic library" tabindex="-1">Google's common cryptographic library</h2> <p>Google's common cryptographic library is <a href="https://developers.google.com/tink" target="dgc" track-type="concepts" track-name="dgcLink" track-metadata-position="body">Tink</a>, which incorporates our FIPS 140-2 validated module, <a href="/security/compliance/fips-140-2-validated" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">BoringCrypto</a>. Tink is available to all Google developers. Consistent use of a common library means that only a small team of cryptographers needs to implement this tightly controlled and reviewed code, making it unnecessary for every team at Google to independently develop their own cryptography. A special Google security team is responsible for maintaining this common cryptographic library for all products.</p> <p>The Tink encryption library supports a wide variety of encryption key types and modes, and these are reviewed regularly to ensure that they hold up against the latest known attacks.</p> <aside class="note"><strong>Note:</strong><span> Google also uses another library called Keymaster. Keymaster shares newer cryptography code in common with Tink, but Keymaster uses a different key-versioning implementation and supports a wider variety of older algorithms.</span></aside> <p>Currently, we use the following encryption algorithms for encryption at rest for DEKs and KEKs. 
These are subject to change as we continue to improve our capabilities and security.</p> <table> <thead> <tr> <th><strong>Cryptographic primitive</strong></th> <th><strong>Preferred protocols</strong></th> <th><strong>Other supported protocols</strong></th> </tr> </thead> <tbody> <tr> <td>Symmetric encryption</td> <td>AES-GCM (256 bits)</td> <td><ul> <li>AES-CBC and AES-CTR (128 and 256 bits)</li> </ul> <ul> <li>AES-EAX (128 and 256 bits)</li> </ul> </td> </tr> <tr> <td>Symmetric signatures (where used with AES-CBC and AES-CTR above for authentication)</td> <td>HMAC-SHA256</td> <td><ul> <li>HMAC-SHA512</li> </ul> <ul> <li>HMAC-SHA1</li> </ul> </td> </tr> </tbody> </table> <p>Other cryptographic protocols exist in the library and were historically supported, but this table covers the primary uses at Google.</p> <h2 id="research_and_innovation_in_cryptography" data-text="Research and innovation in cryptography" tabindex="-1">Research and innovation in cryptography</h2> <p>To keep pace with the evolution of encryption, we have a team of world-class security engineers tasked with following, developing, and improving encryption technology. Our engineers take part in standardization processes and in maintaining widely used encryption software. <a href="https://www.google.com/about/appsecurity/research/" track-type="concepts" track-name="internalLink" track-metadata-position="body">We regularly publish our research</a> in the field of encryption so that everyone—including the general public—can benefit from our knowledge.</p> <p>For example, in post-quantum cryptography research, we are working in the following areas:</p> <ul> <li><p><strong>Standardization</strong>: We co-designed the stateless hash-based digital signature scheme that is standardized as <a href="https://csrc.nist.gov/pubs/fips/205/ipd">FIPS 205</a>. 
We are editors of the International Organization for Standardization (ISO) standard on <a href="https://www.iso.org/standard/80492.html">post-quantum cryptography hash-based signatures</a> and contributed to <a href="https://www.ietf.org/archive/id/draft-wiggers-hbs-state-00.txt">guidance on state management</a> for hash-based signatures at IETF.</p></li> <li><p><strong>Enablement</strong>: We <a href="https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms/">rolled out post-quantum cryptography</a> to our internal protocol for transport layer security. We enabled support for post-quantum cryptography in <a href="https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html">Chrome</a>. We added several post-quantum cryptography algorithms in our <a href="https://github.com/google/tink/tree/master/cc/experimental/pqcrypto">Tink cryptographic library</a>. This code is experimental and is designed to help educate the community about each approach.</p></li> <li><p><strong>Publications</strong>: We published <a href="https://www.nature.com/articles/s41586-022-04623-2"><em>Transitioning organizations to post-quantum cryptography</em></a> in <em>Nature</em>. This paper provides an overview of post-quantum cryptography migration challenges. 
We also published a research paper on bringing post-quantum cryptography to <a href="https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html">our security keys</a>.</p></li> </ul> <p>Note that symmetric encryption (using AES with 128-bit or longer keys) remains resistant to quantum attacks.</p> <h2 id="whats_next" data-text="What's next" tabindex="-1">What's next</h2> <ul> <li><p>For information about using your own encryption keys in Google Cloud, see <a href="/kms/docs/cmek" track-type="concepts" track-name="internalLink" track-metadata-position="body">Customer-managed encryption keys (CMEK)</a>.</p></li> <li><p>For general information on Google Cloud security, see the <a href="/security" track-type="concepts" track-name="internalLink" track-metadata-position="body">Security section of the Google Cloud website</a>.</p></li> <li><p>For information on Google Cloud compliance and compliance certifications, see the <a href="/security/compliance" track-type="concepts" track-name="internalLink" track-metadata-position="body">Compliance section of the Google Cloud website</a>, which includes Google's <a href="https://www.google.com/work/soc3.html" track-type="concepts" track-name="internalLink" track-metadata-position="body">public SOC3 audit report</a>.</p></li> <li><p>For information on Google Workspace encryption and key management, see <a href="https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-encryption-whitepaper-gsuite.pdf" target="external" track-type="concepts" track-name="externalLink" track-metadata-position="body" class="external">How Google Workspace uses encryption to protect your data</a>, which covers much of the same content included here, but focuses solely on Google Workspace.</p></li> </ul> <devsite-hats-survey class="nocontent" hats-id="Nd7nTix2o0eU5NUYprb0ThtUc5jf" listnr-id="83405"></devsite-hats-survey> </div> <div class="devsite-floating-action-buttons"> </div> </article> <devsite-content-footer class="nocontent"> 
<p>Except as otherwise noted, the content of this page is licensed under the <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 License</a>, and code samples are licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 License</a>. For details, see the <a href="https://developers.google.com/site-policies">Google Developers Site Policies</a>. Java is a registered trademark of Oracle and/or its affiliates.</p> <p>Last updated 2024-11-26 UTC.</p> </devsite-content-footer>
</a> </li> <li class="devsite-footer-utility-item devsite-footer-privacy-link"> <a class="devsite-footer-utility-link gc-analytics-event" href="//policies.google.com/privacy" data-category="Site-Wide Custom Events" data-label="Footer Privacy link" target="_blank" track-metadata-module="utility footer" track-metadata-position="footer" track-name="privacy" track-type="footer link" track-metadata-eventDetail="//policies.google.com/privacy" > Privacy </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//www.google.com/intl/en/policies/terms/regional.html" data-category="Site-Wide Custom Events" data-label="Footer Site terms link" track-metadata-position="footer" target="_blank" track-metadata-module="utility footer" track-type="footer link" track-name="site terms" track-metadata-eventDetail="//www.google.com/intl/en/policies/terms/regional.html" > Site terms </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="/product-terms/" data-category="Site-Wide Custom Events" data-label="Footer Google Cloud terms link" track-name="google cloud terms" track-metadata-position="footer" track-type="footer link" track-metadata-eventDetail="/product-terms/" track-metadata-module="utility footer" > Google Cloud terms </a> </li> <li class="devsite-footer-utility-item glue-cookie-notification-bar-control"> <a class="devsite-footer-utility-link gc-analytics-event" href="#" data-category="Site-Wide Custom Events" data-label="Footer Manage cookies link" track-metadata-position="footer" track-name="Manage cookies" track-metadata-eventDetail="#" aria-hidden="true" track-metadata-module="utility footer" track-type="footer link" > Manage cookies </a> </li> <li class="devsite-footer-utility-item devsite-footer-carbon-button"> <a class="devsite-footer-utility-link gc-analytics-event" href="/sustainability" data-category="Site-Wide Custom Events" data-label="Footer Our 
third decade of climate action: join us link" track-metadata-position="footer" track-metadata-module="utility footer" track-name="Our third decade of climate action: join us" track-metadata-eventDetail="/sustainability/" track-type="footer link" > Our third decade of climate action: join us </a> </li> <li class="devsite-footer-utility-item devsite-footer-utility-button"> <span class="devsite-footer-utility-description">Sign up for the Google Cloud newsletter</span> <a class="devsite-footer-utility-link gc-analytics-event" href="/newsletter/" data-category="Site-Wide Custom Events" data-label="Footer Subscribe link" track-metadata-position="footer" track-name="subscribe" track-type="footer link" track-metadata-module="utility footer" track-metadata-eventDetail="/newsletter/" > Subscribe </a> </li> </ul> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> </nav> </div> </devsite-footer-utility> <devsite-panel></devsite-panel> </section></section> <devsite-sitemask></devsite-sitemask> <devsite-snackbar></devsite-snackbar> <devsite-tooltip ></devsite-tooltip> <devsite-heading-link></devsite-heading-link> <devsite-analytics> <script type="application/json" analytics>[]</script> <script 
type="application/json" tag-management>{"at": "True", "ga4": [], "ga4p": [], "gtm": [{"id": "GTM-5CVQBG", "purpose": 1}], "parameters": {"internalUser": "False", "language": {"machineTranslated": "False", "requested": "en", "served": "en"}, "pageType": "article", "projectName": "Documentation", "signedIn": "False", "tenant": "cloud", "recommendations": {"sourcePage": "", "sourceType": 0, "sourceRank": 0, "sourceIdenticalDescriptions": 0, "sourceTitleWords": 0, "sourceDescriptionWords": 0, "experiment": ""}, "experiment": {"ids": ""}}}</script> </devsite-analytics> <devsite-badger></devsite-badger> <cloudx-user></cloudx-user> <cloudx-free-trial-eligible-store freeTrialEligible='true'></cloudx-free-trial-eligible-store> <cloudx-pricing-socket></cloudx-pricing-socket> <cloudx-experiments type="TestAACodivertedExperiment" path="/virtual/TestAACodivertedExperiment/configureExperiment" location="SG" variant="variant2" ></cloudx-experiments> <cloudx-experiment-ids userCountry="SG" devsiteExperimentIdList="[39300012, 39300022, 39300118, 39300195, 39300241, 39300317, 39300320, 39300325, 39300346, 39300354, 39300363, 39300374, 39300412, 39300421, 39300436, 39300472, 39300487, 39300496, 39300498]"> </cloudx-experiment-ids> <script nonce="g4KfwlqbHNLWv+kADMKzVPW1e6l71I"> (function(d,e,v,s,i,t,E){d['GoogleDevelopersObject']=i; t=e.createElement(v);t.async=1;t.src=s;E=e.getElementsByTagName(v)[0]; E.parentNode.insertBefore(t,E);})(window, document, 'script', 'https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/cloud/js/app_loader.js', 
'[2,"en",null,"/js/devsite_app_module.js","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/cloud","https://cloud-dot-devsite-v2-prod.appspot.com",1,null,["/_pwa/cloud/manifest.json","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/images/video-placeholder.svg","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/cloud/images/favicons/onecloud/favicon.ico","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/cloud/images/cloud-logo.svg","https://fonts.googleapis.com/css?family=Google+Sans:400,500,700|Google+Sans+Text:400,400italic,500,500italic,700,700italic|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"],1,null,[1,6,8,12,14,17,21,25,50,52,63,70,75,76,80,87,91,92,93,97,98,100,101,102,103,104,105,107,108,109,110,112,113,117,118,120,122,124,125,126,127,129,130,131,132,133,134,135,136,138,140,141,147,148,149,151,152,156,157,158,159,161,163,164,168,169,170,179,180,182,183,186,191,193,196],"AIzaSyAP-jjEJBzmIyKR4F-3XITp8yM9T1gEEI8","AIzaSyB6xiKGDR5O3Ak2okS4rLkauxGUG7XP0hg","cloud.google.com","AIzaSyAQk0fBONSGUqCNznf6Krs82Ap1-NV6J4o","AIzaSyCCxcqdrZ_7QMeLCRY20bh_SXdAYqy70KY",null,null,null,["Profiles__enable_complete_playlist_endpoint","Profiles__enable_release_notes_notifications","Analytics__enable_clearcut_logging","Cloud__enable_llm_concierge_chat","DevPro__enable_cloud_innovators_plus","Profiles__enable_dashboard_curated_recommendations","DevPro__enable_developer_subscriptions","Cloud__enable_legacy_calculator_redirect","Profiles__enable_page_saving","MiscFeatureFlags__emergency_css","Concierge__enable_concierge_restricted","Search__enable_suggestions_from_borg","MiscFeatureFlags__dev
elopers_footer_dark_image","Cloud__enable_cloud_shell","Search__enable_ai_eligibility_checks","MiscFeatureFlags__developers_footer_image","Search__scope_to_project_tenant","Profiles__enable_completecodelab_endpoint","Cloud__enable_cloud_facet_chat","Profiles__require_profile_eligibility_for_signin","Cloud__enable_free_trial_server_call","TpcFeatures__enable_mirror_tenant_redirects","Search__enable_page_map","MiscFeatureFlags__enable_explain_this_code","CloudShell__cloud_code_overflow_menu","Cloud__enable_cloudx_experiment_ids","EngEduTelemetry__enable_engedu_telemetry","Cloud__enable_cloud_dlp_service","Profiles__enable_public_developer_profiles","Cloud__enable_cloud_shell_fte_user_flow","Experiments__reqs_query_experiments","Search__enable_ai_search_summaries_restricted","Profiles__enable_developer_profiles_callout","MiscFeatureFlags__enable_project_variables","Profiles__enable_profile_collections","MiscFeatureFlags__enable_view_transitions","TpcFeatures__enable_required_headers","MiscFeatureFlags__enable_variable_operator","Search__enable_dynamic_content_confidential_banner","Concierge__enable_pushui","Profiles__enable_awarding_url","CloudShell__cloud_shell_button","MiscFeatureFlags__enable_firebase_utm","Profiles__enable_recognition_badges","Search__enable_ai_search_summaries","Cloud__enable_cloudx_ping","BookNav__enable_tenant_cache_key"],null,null,"AIzaSyBLEMok-5suZ67qRPzx0qUtbnLmyT_kCVE","https://developerscontentserving-pa.clients6.google.com","AIzaSyCM4QpTRSqP5qI4Dvjt4OAScIN8sOUlO-k","https://developerscontentsearch-pa.clients6.google.com",1,4,1,"https://developerprofiles-pa.clients6.google.com",[2,"cloud","Google 
Cloud","cloud.google.com",null,"cloud-dot-devsite-v2-prod.appspot.com",null,null,[1,1,null,null,null,null,null,null,null,null,null,[1],null,null,null,null,null,1,[1],[null,null,null,[1,20],"/terms/recommendations"],[1],null,[1],[1,null,1],[1,1,null,null,1,null,["/vertex-ai/"]]],null,[22,null,null,null,null,null,"/images/cloud-logo.svg","/images/favicons/onecloud/apple-icon.png",null,null,null,null,1,1,1,[6,5],[],null,null,[[],[],[],[],[],[],[],[]],null,1,null,null,null,null,[]],[],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[6,1,14,15,22,23,29,37],null,[[null,null,null,null,null,null,[1,[["docType","Choose a content type",[["ApiReference",null,null,null,null,null,null,null,null,"API reference"],["Sample",null,null,null,null,null,null,null,null,"Code sample"],["ReferenceArchitecture",null,null,null,null,null,null,null,null,"Reference architecture"],["Tutorial",null,null,null,null,null,null,null,null,"Tutorial"]]],["category","Choose a topic",[["AiAndMachineLearning",null,null,null,null,null,null,null,null,"Artificial intelligence and machine learning (AI/ML)"],["ApplicationDevelopment",null,null,null,null,null,null,null,null,"Application development"],["BigDataAndAnalytics",null,null,null,null,null,null,null,null,"Big data and analytics"],["Compute",null,null,null,null,null,null,null,null,"Compute"],["Containers",null,null,null,null,null,null,null,null,"Containers"],["Databases",null,null,null,null,null,null,null,null,"Databases"],["HybridCloud",null,null,null,null,null,null,null,null,"Hybrid and multicloud"],["LoggingAndMonitoring",null,null,null,null,null,null,null,null,"Logging and monitoring"],["Migrations",null,null,null,null,null,null,null,null,"Migrations"],["Networking",null,null,null,null,null,null,null,null,"Networking"],["SecurityAndCompliance",null,null,null,null,null,null,null,null,"Security and 
compliance"],["Serverless",null,null,null,null,null,null,null,null,"Serverless"],["Storage",null,null,null,null,null,null,null,null,"Storage"]]]]]],[1],null,1],[[null,null,null,null,null,["GTM-5CVQBG"],null,null,null,null,null,[["GTM-5CVQBG",2]],1],null,null,null,null,null,1],"mwETRvWii0eU5NUYprb0Y9z5GVbc",4,null,null,null,null,null,null,null,null,null,null,null,null,null,"cloud.devsite.google"],null,"pk_live_5170syrHvgGVmSx9sBrnWtA5luvk9BwnVcvIi7HizpwauFG96WedXsuXh790rtij9AmGllqPtMLfhe2RSwD6Pn38V00uBCydV4m"]') </script> <devsite-a11y-announce></devsite-a11y-announce> </body> </html>