Fortanix External Key Control and Management for Google Cloud Platform (GCP)

Fortanix External Key Manager generates and stores encryption keys outside of Google Cloud (GCP) and within customer datacenters.

Download Datasheet

Request a Demo

External Key Control and Management for Google Cloud Platform

Most organizations are looking to move their data and workloads into the public cloud. But they are held back because of compliance reasons or regulatory reasons and they are not comfortable with the cloud holding onto their keys. Organizations need greater control and security over their cloud keys. Fortanix integrates with Google Cloud Platform’s External Key Manager service to enable organizations to move the data to the cloud and get the same level of security for keys that they’re used to in their own on-prem environments. Protect your BigQuery and other cloud native services data by doing server-side encryption. Keys for the encryption are never stored at GCP. They are always under your control, away from the cloud. At a click of a button, in real time, enable and disable access to your data from specific instances and locations.

paypal-gcp-generic

Key Benefits

COMPLETE CONTROL OF KEYS

COMPLETE CONTROL OF KEYS

Fortanix allows customers to stop decryption of data-at-rest with a kill switch and the key material never leaves the Fortanix Key Management Service. Customer gets complete control of how to authorize the use of the Google Cloud’s External Key Manager keys.
MEET COMPLIANCE REQUIREMENTS

MEET COMPLIANCE REQUIREMENTS

Fortanix offers a FIPS 140-2 Level 3 certified Fortanix Runtime Encryption® Appliance, to store cloud keys on-premises enabling financial services, healthcare, and other regulated industries to meet their compliance requirements.
SIMPLIFIED AND CENTRALIZED ENCRYPTION

SIMPLIFIED AND CENTRALIZED ENCRYPTION

Fortanix with Google Cloud’s External Key Manager provides a single, simple, and centralized encryption platform that accelerates moving applications to public cloud, while also providing a single set of cryptographic services to on-premises, hybrid, and cloud workloads.
UNIFIED DATA PROTECTION PLATFORM

UNIFIED DATA PROTECTION PLATFORM

Fortanix delivers HSM, Key Management, Encryption and Tokenization for your hybrid and cloud native apps, all from a single integrated solution.

How does Google Cloud’s External Key Manager work?

Services running on GCP, such as Big Query and GCE, currently can use an encryption key hosted by Google Cloud KMS or Cloud HSM to secure their data at rest. An envelope encryption scheme is followed where the data is encrypted using a local data encryption key (DEK), which in turn is encrypted using a key encryption key (KEK) in Cloud KMS or Cloud HSM. Google allays the concerns of customers who don’t want to trust the public cloud by extending the envelope encryption scheme to allow the KEK to be encrypted using an externally managed key encryption key (EKEK).

How does Google Cloud’s External Key Manager work

Background image

Ready to test Fortanix Runtime Encryption?

Request a demo
dsm dashboard

Platform

Fortanix Armor

Armet AI

NEW

Key Insight

Data Security Manager

Confidential Computing Manager

Open Source Platform

Enclave Development Platform®

Solutions

Use Cases

Legacy to Cloud Infrastructure Migration

Regulatory Compliance

Post-Quantum Readiness

Secure, Data-Driven Innovation

Company

About Us

Partners

Careers

Confidential Computing

University

Blog

FAQ

Contact Us

Awards

Events

Press

News

Services

Media Kit

Newsletters

Customers

Resources

Support

Fortanix-logo

4.6

star-ratingsgartner-logo

As of August 2025

SOC-2 Type-2ISO 27001FIPSGartner LogoPCI DSS Compliant

US

Europe

India

Singapore

3910 Freedom Circle, Suite 104,
Santa Clara CA 95054

+1 408-214 - 4760|info@fortanix.com

High Tech Campus 5,
5656 AE Eindhoven, The Netherlands

+31850608282

UrbanVault 460,First Floor,C S TOWERS,17th Cross Rd, 4th Sector,HSR Layout, Bengaluru,Karnataka 560102

+91 080-41749241

T30 Cecil St. #19-08 Prudential Tower,Singapore 049712