Status: IN
CMEK uses server-side, symmetric, envelope encryption with customer-controlled 256-bit AES-GCM keys; key material never leaves the Cloud KMS system boundary.
Source: entries/2026/03/11/kms-cmek.md
JSON