Cloud Build

6. Compliance

  • Customer-Managed Encryption Keys (CMEK) compliance by encrypting the build-time persistent disk (PD) with an ephemeral key. 
  • Key is uniquely generated for each build. 
  • Key is wiped from memory as soon as build begins.
  • Key is not stored anywhere and is not accessible to Google engineers or support staff.