Customer-managed encryption keys (CMEK)
By default, Vertex AI encrypts customer content at rest. Vertex AI handles encryption for you without any additional actions on your part. This option is called Google default encryption.
If you want to control your encryption keys, then you can use customer-managed encryption keys (CMEKs) in Cloud KMS with CMEK-integrated services including Vertex AI. Using Cloud KMS keys gives you control over their protection level, location, rotation schedule, usage and access permissions, and cryptographic boundaries. Using Cloud KMS also lets you track key usage, view audit logs, and control key lifecycles. Instead of Google owning and managing the symmetric key encryption keys (KEKs) that protect your data, you control and manage these keys in Cloud KMS.
After you set up your resources with CMEKs, the experience of accessing your Vertex AI resources is similar to using Google default encryption. For more information about your encryption options, see Customer-managed encryption keys (CMEK).
This guide describes some benefits of using CMEK for Vertex AI resources and walks through how to configure a training job to use CMEK.
For more information about how to use CMEK for Colab Enterprise, see the Colab Enterprise CMEK page. For more information about how to use CMEK for Vertex AI Workbench instances, see the Vertex AI Workbench instances CMEK page.
CMEK for Vertex AI resources
The following sections describe basic information about CMEK for Vertex AI resources that you must understand before configuring CMEK for your jobs.
Benefits of CMEK
In general, CMEK is most useful if you need full control over the keys used to encrypt your data. With CMEK, you can manage your keys within Cloud KMS. For example, you can rotate or disable a key or you can set up a rotation schedule using the Cloud KMS API. For more information about CMEK in general, including when and why to enable it, see the Cloud KMS documentation.
When you run an AutoML or custom training job, your code runs on one or more virtual machine (VM) instances managed by Vertex AI. When you enable CMEK for Vertex AI resources, the key that you designate, rather than a key managed by Google, is used to encrypt data on the boot disks of these VMs. The CMEK key encrypts the following kinds of data:
- The copy of your code on the VMs.
- Any data that gets loaded by your code.
- Any temporary data that gets saved to the local disk by your code.
- AutoML-trained models.
- Media files (data) uploaded into media datasets.
In general, the CMEK key does not encrypt metadata associated with your operation, like the job's name and region, or a dataset's display name. Metadata associated with operations is always encrypted using Google's default encryption mechanism.
For datasets, when a user imports data into a dataset, the data items and annotations are CMEK-encrypted. The dataset display name is not CMEK-encrypted.
For models, the models stored in the storage system (for example, disk) are CMEK-encrypted. All the model evaluation results are CMEK-encrypted.
For endpoints, all model files used for the model deployment under the endpoint are CMEK-encrypted. This does not include any in-memory data.
For batch prediction, any temporary files (such as model files, logs, VM disks) used to execute the batch prediction job are CMEK-encrypted. Batch prediction results are stored in the user-provided destination. Consequently, Vertex AI respects the default value of the destination's encryption config. Otherwise, results will also be encrypted with CMEK.
For data labeling, any input files (image, text, tabular), temporary discussion (for example, questions, feedback) and output (labeling result) are CMEK-encrypted. The annotation spec display names are not CMEK-encrypted.
For agents, CMEK encrypts all source files used for agent development. Additionally, container images and deployed instances for the agent are also CMEK-encrypted.
External keys
You can use Cloud External Key Manager (Cloud EKM) to create external keys, that you manage, to encrypt data within Google Cloud.
When you use a Cloud EKM key, Google has no control over the availability of your externally-managed key. If you request access to a resource encrypted with an externally-managed key, and the key is unavailable, then Vertex AI will reject the request. There can be a delay of up to 10 minutes before you can access the resource once the key becomes available.
For more considerations when using external keys, see Cloud External Key Manager.
Use CMEK with other Google Cloud products
Configuring CMEK for Vertex AI resources does not automatically configure CMEK for other Google Cloud products that you use together with Vertex AI. To use CMEK to encrypt data in other Google Cloud products, additional configuration is required. For example:
Cloud Storage: When you perform custom training, Vertex AI usually loads your data from Cloud Storage. When you use a Python training application and a prebuilt container for training, Vertex AI also loads your code from a Cloud Storage bucket. In addition, some training jobs export trained model artifacts (for example, a TensorFlow SavedModel directory) to a Cloud Storage bucket as part of their output.
To ensure that your data in Cloud Storage is encrypted with CMEK, read the Cloud Storage guide to using customer-managed encryption keys. You can set your encryption key as the default key for the Cloud Storage bucket(s) that you use with Vertex AI, or you can use it to encrypt specific objects.
Artifact Registry: When you use a custom container for training, you can configure Vertex AI to load your container image from Artifact Registry.
To ensure that your container image is encrypted with CMEK, read the Artifact Registry guide to CMEK.
Cloud Logging: When you run a training job, Vertex AI training saves logs to Logging. To encrypt these logs by using CMEK, see Configure CMEK for Cloud Logging.
Current CMEK-supported resources
The current Vertex AI resources covered by CMEK are as follows. CMEK support for Preview features is in Preview status as well.
- Dataset
- Model
- Endpoint
- CustomJob
- HyperparameterTuningJob
- TrainingPipeline
- BatchPredictionJob (excludes AutoML image batchPrediction)
- ModelDeploymentMonitoringJob
- PipelineJob
- MetadataStore
- TensorBoard
- Featurestore
- Index
- IndexEndpoint
- Colab Enterprise runtime
- Colab Enterprise notebook
- Vertex AI Agent Engine
CMEK support for Generative AI tuning pipelines
CMEK support is provided in the tuning pipeline of the following models:
- BERT
- T5
- image-generation (GPU)
Limitations
CMEK support isn't provided in the following:
- AutoML image model batch prediction (BatchPredictionJob)
- TPU tuning
Configure CMEK for your resources
The following sections describe how to create a key ring and key in Cloud Key Management Service, grant Vertex AI encrypter and decrypter permissions for your key, and create resources that use CMEK.
Before you begin
This guide assumes that you use two separate Google Cloud projects to configure CMEK for Vertex AI data:
- A project for managing your encryption key (referred to as the "Cloud KMS project").
- A project for accessing Vertex AI data or output in Cloud Storage, and interacting with any other Google Cloud products that you need for your use case (referred to as the "AI Platform project").
This recommended setup supports a separation of duties.
Alternatively, you can use a single Google Cloud project for the whole guide. To do so, use the same project for all of the following tasks that refer to the Cloud KMS project and the tasks that refer to the AI Platform project.
Set up the Cloud KMS project
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
  Roles required to select or create a project:
  - Select a project: Selecting a project doesn't require a specific IAM role; you can select any project that you've been granted a role on.
  - Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
- Verify that billing is enabled for your Google Cloud project.
- Enable the Cloud KMS API.
  Roles required to enable APIs: To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
Set up the AI Platform project
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
  Roles required to select or create a project:
  - Select a project: Selecting a project doesn't require a specific IAM role; you can select any project that you've been granted a role on.
  - Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
- Verify that billing is enabled for your Google Cloud project.
- Enable the Vertex AI API.
  Roles required to enable APIs: To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
Set up the Google Cloud CLI
The gcloud CLI is required for some steps in this guide and optional for others. Install the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:
```shell
gcloud init
```
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: You can run the gcloud CLI in the Google Cloud console without installing the Google Cloud CLI. To run the gcloud CLI in the Google Cloud console, use Cloud Shell.
Create a key ring and key
Follow the Cloud KMS guide to creating symmetric keys to create a key ring and a key. When you create your key ring, specify a region that supports Vertex AI operations as the key ring's location. Vertex AI training only supports CMEK when your resource and key use the same region. You must not specify a dual-regional, multi-regional, or global location for your key ring.
Make sure to create your key ring and key in your Cloud KMS project.
Grant Vertex AI permissions
To use CMEK for your resources, you must grant Vertex AI permission to encrypt and decrypt data using your key. Vertex AI uses a Google-managed service agent to run operations using your resources. This service account is identified by an email address with the following format:
service-AI_PLATFORM_PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com
To find the appropriate service account for your AI Platform project, go to the IAM page in the Google Cloud console and find the member that matches this email address format, with the project number for your AI Platform project replacing the AI_PLATFORM_PROJECT_NUMBER variable. The service account also has the name Vertex AI Service Agent.
Make note of the email address for this service account, and use it in the following steps to grant it permission to encrypt and decrypt data using your key. You can grant permission by using the Google Cloud console or by using the Google Cloud CLI:
Google Cloud console
In the Google Cloud console, click Security and select Key Management. This takes you to the Cryptographic Keys page; there, select your Cloud KMS project.
Click the name of the key ring that you created in a preceding section of this guide to go to the Key ring details page.
Select the checkbox for the key that you created in a preceding section of this guide. If an info panel labeled with the name of your key is not already open, click Show info panel.
In the info panel, click Add member to open the Add members to "KEY_NAME" dialog. In this dialog, do the following:
- In the New members box, enter the service account email address that you made a note of in the preceding section: service-AI_PLATFORM_PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com
- In the Select a role drop-down list, click Cloud KMS and then select the Cloud KMS CryptoKey Encrypter/Decrypter role.
- Click Save.
gcloud
Run the following command:
```shell
gcloud kms keys add-iam-policy-binding KEY_NAME \
  --keyring=KEY_RING_NAME \
  --location=REGION \
  --project=KMS_PROJECT_ID \
  --member=serviceAccount:service-AI_PLATFORM_PROJECT_NUMBER@gcp-sa-aiplatform.iam.gserviceaccount.com \
  --role=roles/cloudkms.cryptoKeyEncrypterDecrypter
```
In this command, replace the following placeholders:
- KEY_NAME: The name of the key that you created in a preceding section of this guide.
- KEY_RING_NAME: The key ring that you created in a preceding section of this guide.
- REGION: The region where you created your key ring.
- KMS_PROJECT_ID: The ID of your Cloud KMS project.
- AI_PLATFORM_PROJECT_NUMBER: The project number of your AI Platform project, which you noted in the preceding section as part of a service account email address.
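After the binding is in place, a practitioner usually wants to confirm two things about the key's IAM policy: that the Vertex AI Service Agent for the AI Platform project actually holds the Cloud KMS CryptoKey Encrypter/Decrypter role, and that nobody else holds it unintentionally (any extra holder can decrypt the CMEK-protected data). The following is an added example, not code from this page or from Google; it operates on a policy dict in the JSON shape that `gcloud kms keys get-iam-policy KEY_NAME ... --format=json` prints (a `bindings` list of `role`/`members` objects), and the sample policy, project number and member names in it are constructed for the example.

```python
"""Audit a Cloud KMS key's IAM policy for the Vertex AI service agent binding."""
import json

ENCRYPTER_DECRYPTER_ROLE = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
SERVICE_AGENT_DOMAIN = "gcp-sa-aiplatform.iam.gserviceaccount.com"


def vertex_service_agent(ai_platform_project_number):
    """Vertex AI Service Agent email, using the address format given on this page."""
    return f"service-{ai_platform_project_number}@{SERVICE_AGENT_DOMAIN}"


def members_with_role(policy, role):
    """Collect every member that holds `role` in an IAM policy dict
    (conditional bindings are counted too, since they still grant the role)."""
    members = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            members.update(binding.get("members", []))
    return members


def audit_key_policy(policy, ai_platform_project_number):
    """Report whether the service agent can use the key and who else can decrypt with it."""
    expected = "serviceAccount:" + vertex_service_agent(ai_platform_project_number)
    holders = members_with_role(policy, ENCRYPTER_DECRYPTER_ROLE)
    # Anything beyond the one service agent widens who can decrypt Vertex AI data,
    # so list it for review; public principals are flagged separately.
    others = sorted(m for m in holders if m != expected)
    public = [m for m in holders if m in ("allUsers", "allAuthenticatedUsers")]
    return {
        "service_agent": expected,
        "agent_has_role": expected in holders,
        "other_holders": others,
        "public_access": bool(public),
    }


# Constructed sample policy (assumed shape of `gcloud kms keys get-iam-policy` JSON output).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
     "members": ["serviceAccount:service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com",
                 "group:ml-team@example.com"]},
    {"role": "roles/cloudkms.viewer", "members": ["user:auditor@example.com"]}
  ],
  "etag": "BwXyz123",
  "version": 1
}
""")

if __name__ == "__main__":
    # 123456789012 is a placeholder AI Platform project number, not a real one.
    print(json.dumps(audit_key_policy(SAMPLE_POLICY, "123456789012"), indent=2))
```

In the sample policy the agent binding is present, but `group:ml-team@example.com` also holds the Encrypter/Decrypter role, so `other_holders` is non-empty; that is the line item to reconcile against the separation-of-duties setup this guide recommends, where only the service agent in the AI Platform project needs to use the key.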
Create resources with the KMS key
When you create a new CMEK-supported resource you can specify your key as one of the create parameters.
Console
When you create a new CMEK-supported resource in the Vertex AI section of the Google Cloud console, you can select your key in the general or advanced option section:

REST & CMD Line
When you create a supported resource, add an encryptionSpec object to your request and set the encryptionSpec.kmsKeyName field to point to your key resource.
For example, when creating a dataset resource you would specify your key in the request body:
```json
{
  "displayName": "DATASET_NAME",
  "metadataSchemaUri": "METADATA_URI",
  "encryptionSpec": {
    "kmsKeyName": "projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_NAME/cryptoKeys/KEY_NAME"
  }
}
```
Java
When you create a supported resource, set the EncryptionSpec to point to your key resource. See the Vertex AI client library for Java documentation for more information.
Node.js
When you create a supported resource, set the encryptionSpec parameter to point to your key resource. See the Vertex AI client library for Node.js documentation for more information.
Python
When you create a supported resource, set the encryption_spec parameter to point to your key resource. See the Python Client for Cloud AI Platform documentation for more information.
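Two rules from this guide are easy to get wrong when assembling the kmsKeyName: the key ring must be in a single region (not a dual-regional, multi-regional, or global location), and that region must match the region of the Vertex AI resource. The following added example, which is not code from this page or from the Vertex AI client libraries, composes the key resource name and the datasets.create request body shown in the REST section, and checks both rules before anything is sent. The regular expression used to tell a region (such as `us-central1`) apart from other location types is an assumption made here, and every project, key ring, key and dataset value is a constructed placeholder.

```python
"""Build and pre-validate the encryptionSpec for a CMEK-protected Vertex AI resource."""
import re

# Cloud KMS key resource name, as shown in this page's request body example.
KMS_KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<key_ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$"
)
# Assumed heuristic: single regions look like "us-central1" or "europe-west4";
# multi-regions ("us", "eu"), dual-regions ("nam4", "eur4") and "global" do not match.
REGION_RE = re.compile(r"^[a-z]+-[a-z]+[0-9]+$")


def kms_key_name(project_id, location, key_ring, key):
    """Compose the full Cloud KMS key resource name for encryptionSpec.kmsKeyName."""
    return f"projects/{project_id}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{key}"


def cmek_key_problem(kms_key, resource_location):
    """Return None if `kms_key` can protect a Vertex AI resource in `resource_location`,
    otherwise a short description of why it cannot."""
    m = KMS_KEY_RE.match(kms_key)
    if not m:
        return f"not a Cloud KMS key resource name: {kms_key!r}"
    key_location = m.group("location")
    if not REGION_RE.match(key_location):
        return (f"key ring location {key_location!r} is not a single region; "
                "dual-regional, multi-regional and global key rings are not supported")
    if key_location != resource_location:
        return (f"key is in {key_location!r} but the resource is in {resource_location!r}; "
                "the key and the resource must use the same region")
    return None


def create_dataset_body(display_name, metadata_schema_uri, kms_key, resource_location):
    """Return the datasets.create request body with CMEK, refusing keys that would be rejected."""
    problem = cmek_key_problem(kms_key, resource_location)
    if problem:
        raise ValueError(problem)
    return {
        "displayName": display_name,
        "metadataSchemaUri": metadata_schema_uri,
        "encryptionSpec": {"kmsKeyName": kms_key},
    }


if __name__ == "__main__":
    # Placeholder values; "kms-project", "vertex-ring" and "vertex-key" are not real resources.
    key = kms_key_name("kms-project", "us-central1", "vertex-ring", "vertex-key")
    print(create_dataset_body("DATASET_NAME", "METADATA_URI", key, "us-central1"))
    print(cmek_key_problem(key, "europe-west4"))
```

The same check applies unchanged to the other supported resources, since every one of them takes the key through the same encryptionSpec (or encryption_spec) parameter; only the surrounding request body differs.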
What's next
- Learn more about CMEK on Google Cloud.
- Learn how to use CMEK with other Google Cloud products.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.