Hacker News

The most wrong part of that previous team is to store private keys unencrypted in the cloud, not the performance part.


I mean... literally every VM running nginx or apache that I've ever seen has had the SSL certs just sitting on the filesystem in /etc/ssl or /etc/letsencrypt or similar... All of letsencrypt's documentation points people in that direction.


My understanding is that everything is encrypted by default in GCP. Though you need to manually configure encryption keys if you want to prevent Google ever having access to your data.


This I don't understand. Even if you configure KMS, those are still keys stored on Google infra.


You can use your own KMS outside the Google infrastructure. https://cloud.google.com/storage/docs/encryption/customer-su...



