Google Cloud HSM
This tutorial uses Google Cloud HSM ↗ — a FIPS 140-2 Level 3 certified implementation.
Make sure that you have:
- Set up your Google Cloud project ↗
To set up the Google Cloud HSM, create a key ring ↗ and indicate its location.
Create a key, including the following information:
| Field | Value | 
|---|---|
| Key ring | The key ring you created in Step 2 | 
| Protection level | HSM | 
| Purpose | Asymmetric Encrypt | 
After creating a key ring and key, import the private key ↗.
Once you’ve imported the key, copy the Resource name from the UI. Then, add this value to the gokeyless YAML file under private_key_stores.
With the config file saved, restart gokeyless and verify it started successfully.
sudo systemctl restart gokeyless.servicesudo systemctl status gokeyless.service -lWas this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark