undefined | Better HN

0 pointsnetheril963y ago0 comments

The most wrong part of that previous team is to store private keys unencrypted in the cloud, not the performance part.

0 comments

4 comments · 2 top-level

oittaa3y ago· 2 in thread

My understanding is that everything is encrypted by default in GCP. Though you need to manually configure encryption keys if you want to prevent Google ever having access to your data.

FooBarWidget3y ago

This I don't understand. Even if you configure KMS, those are still keys stored on Google infra.

oittaa3y ago

You can use your own KMS outside the Google infrastructure. https://cloud.google.com/storage/docs/encryption/customer-su...

thraxil3y ago

I mean... literally every VM running nginx or apache that I've ever seen has had the SSL certs just sitting on the filesystem in /etc/ssl or /etc/letsencrypt or similar... All of letsencrypt's documentation points people in that direction.

j / k navigate · click thread line to collapse