Google Cloud HSM
This tutorial uses Google Cloud HSM ↗ — a FIPS 140-2 Level 3 certified implementation.
Before you start
Section titled “Before you start”Make sure that you have:
- Set up your Google Cloud project ↗
1. Create a key ring
Section titled “1. Create a key ring”To set up the Google Cloud HSM, create a key ring ↗ and indicate its location.
2. Create a key
Section titled “2. Create a key”Create a key, including the following information:
| Field | Value |
|---|---|
| Key ring | The key ring you created in Step 2 |
| Protection level | HSM |
| Purpose | Asymmetric Encrypt |
3. Import the private key
Section titled “3. Import the private key”After creating a key ring and key, import the private key ↗.
4. Modify your gokeyless config file and restart the service
Section titled “4. Modify your gokeyless config file and restart the service”Once you’ve imported the key, copy the Resource name from the UI. Then, add this value to the gokeyless YAML file under private_key_stores.
With the config file saved, restart gokeyless and verify it started successfully.
sudo systemctl restart gokeyless.servicesudo systemctl status gokeyless.service -lWas this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark