You are implementing data protection by design in compliance with GDPR. During design reviews, you are required to manage the encryption key for a solution that uses Compute Engine, Google Kubernetes Engine, Cloud Storage, BigQuery, and Pub/Sub workloads. Which option should you select for this implementation?