2 – Integrating Google Cloud Platform with SafeNet Luna HSM
Google Cloud Platform Integration Guide
Setting up SafeNet Luna HSM with Google Cloud
HSMs provide strong physical protection of secure assets, including keys, and using one should be
considered a best practice when working in the cloud.
Before You Begin
Read the VM instances documentation on Google Cloud.
To use the command-line examples in this guide:
a. Install the Luna Client and create an NTLS connection with the HSM partition.
b. Download and install OpenSSL, and add the location of openssl.exe to the PATH variable in the
system environment.
c. Install the gcloud command-line tool.
d. Set a default region and zone.
Read about disks, images, and persistent disk snapshots.
Generating the CSEK for Google Cloud
After creating the NTLS connection with the HSM partition, download the Google public key and import it
onto the HSM partition. This key will be used to wrap the generated AES256 key.
To use the CSEK for Google Cloud with SafeNet Luna HSM, follow the steps below.
1. Download the public certificate maintained by Google Compute Engine from:
https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
Save the file in the Luna Client installation directory. This simplifies running the other commands.
2. Open the command prompt and go to the SafeNet Luna Client installation directory.
# cd "C:\Program Files\SafeNet\LunaClient"
3. Extract the public key from the certificate using OpenSSL:
# openssl x509 -pubkey -noout -in google-cloud-csek-ingress.pem > pubkey.pem
4. Import the extracted public key to the HSM partition using the cmu utility provided with SafeNet Luna Client.
# cmu import -pubkey pubkey.pem -inputFile pubkey.pem -label "google public key"
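A check worth running between steps 3 and 4, shown as an added example that is not part of the original guide: it confirms that the certificate has not expired, that it carries an RSA key of adequate size, and that pubkey.pem is exactly the key inside the certificate before that key is trusted to wrap CSEK material. It is written for a POSIX shell (the openssl arguments are the same at a Windows command prompt). The function names, the 2048-bit minimum and the expectation of an RSA key are assumptions, and the sample certificate is a constructed stand-in generated locally so the script runs offline.

```shell
#!/bin/sh
# Added example: pre-import checks on the wrapping certificate and pubkey.pem.

# check_wrap_cert CERT PUBKEY [MIN_BITS]   (hypothetical helper name)
# Succeeds only if CERT has not expired, carries an RSA key of at least
# MIN_BITS (assumed default: 2048), and PUBKEY is exactly the key inside CERT.
check_wrap_cert() {
    cert=$1; pub=$2; min_bits=${3:-2048}

    # 1. -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable" >&2; return 1; }

    # 2. The key must be RSA and large enough.
    text=$(openssl x509 -in "$cert" -noout -text)
    echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "FAIL: not an RSA key" >&2; return 1; }
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    { [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ]; } ||
        { echo "FAIL: key is ${bits:-?} bits, need $min_bits" >&2; return 1; }

    # 3. Compare SHA-256 digests of the DER-encoded public keys, so a truncated
    #    or swapped pubkey.pem is caught before it reaches the HSM.
    cert_fp=$(openssl x509 -in "$cert" -noout -pubkey |
              openssl pkey -pubin -outform DER | openssl dgst -sha256)
    file_fp=$(openssl pkey -pubin -in "$pub" -outform DER 2>/dev/null |
              openssl dgst -sha256)
    [ "$cert_fp" = "$file_fp" ] ||
        { echo "FAIL: pubkey.pem does not match the certificate" >&2; return 1; }

    echo "OK: RSA-$bits key, public key SHA-256 ${cert_fp##*= }"
}

# Constructed stand-in for google-cloud-csek-ingress.pem so the demo runs offline.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl x509 -pubkey -noout -in "$1/cert.pem" > "$1/pubkey.pem"
}

tmp=$(mktemp -d)
make_sample "$tmp" && check_wrap_cert "$tmp/cert.pem" "$tmp/pubkey.pem"
rm -rf "$tmp"
```

Against the real files, the call is `check_wrap_cert google-cloud-csek-ingress.pem pubkey.pem`, run from the directory used in step 2.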