services / Google Cloud / Cloud KMS EKM Configs

A Cloud KMS EKM config applies to all keys with a protection level of EXTERNAL_VPC in a given project or location. These are keys managed by and stored in an external key management system and accessed by Cloud KMS over VPC.




This privilege may grant access to confidential data, or its exploit can incur operational cost.


  • https:​/​/​cloud.​google.​com/​kms/​docs/​reference/​rest/​v1/​EkmConfig
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog