In the event of a compromised encryption key stored in Cloud Key Management Service (Cloud KMS), what steps should be taken to re-encrypt all CMEK-protected Cloud Storage data with a new key, delete the compromised key, and ensure future objects are protected with CMEK encryption?

Powered ByGPT-5

Google Professional Data Engineer