Encrypt the temporary instance's disk with Google Cloud KMS keys

Packer version 1.4.4

  1. While building the googlecompute packer image, I need to encrypt the temporary instance’s disk with Cloud KMS keys. I could not find any possible way in the documentation pages. Please help me in this case.

  2. Also, give me a sample code block of encrypting the image itself. I’m a bit confused with the documentation example image_encryption_key

{
   "kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"
}

If the above example is correct, where should I use the parameter image_encryption_key?

I don’t think it is currently possible to launch the instance with custom keys, but it could be worth a feature request: https://github.com/hashicorp/packer/issues/new?labels=enhancement&template=feature_requests.md

Below is an example of how to use the image_encryption_key option:

  {
    "builders": [
      {
        "type": "googlecompute",
        "image_name": "myname",
        "account_file": "path/to/account/file.json",
        "project_id": "proj-id-123456",
        "source_image_family": "ubuntu-1804-lts",
        "ssh_username": "packer",
        "zone": "us-central1-c",
        "state_timeout": "20m",
        "image_encryption_key": {
          "kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"
        }
      }
    ]
  }
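
A pre-build check for the placement question above, as an added example that is not part of the original answer or of Packer itself: it confirms that `image_encryption_key` sits inside each `googlecompute` builder and that `kmsKeyName` is filled in. The function name, the accepted key-name pattern (version suffix optional) and the treatment of a literal `${...}` as an unfilled placeholder are assumptions of this sketch.

```python
import json
import re

# Assumed shape of a Cloud KMS key resource name; the version suffix is optional here.
KMS_NAME = re.compile(
    r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+"
    r"(/cryptoKeyVersions/[^/]+)?$"
)
# Assumption: a literal ${...} copied from the documentation example was never filled in.
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")


def check_template(text):
    """Return findings for every googlecompute builder in a Packer JSON template."""
    template = json.loads(text)
    findings = []
    if "image_encryption_key" in template:
        findings.append("top level: image_encryption_key belongs inside a builder")
    for i, builder in enumerate(template.get("builders", [])):
        if builder.get("type") != "googlecompute":
            continue
        where = f"builders[{i}]"
        key = builder.get("image_encryption_key")
        if key is None:
            findings.append(f"{where}: no image_encryption_key set")
            continue
        name = key.get("kmsKeyName", "") if isinstance(key, dict) else ""
        if not name:
            findings.append(f"{where}: image_encryption_key has no kmsKeyName")
        elif PLACEHOLDER.search(name):
            findings.append(f"{where}: kmsKeyName still contains ${{...}} placeholders")
        elif not KMS_NAME.match(name):
            findings.append(f"{where}: kmsKeyName is not a full KMS resource name")
    return findings


# Constructed sample values (project, region and key names are made up).
FILLED = ("projects/proj-id-123456/locations/us-central1/keyRings/computeEngine"
          "/cryptoKeys/computeEngine/cryptoKeyVersions/4")
UNFILLED = ("projects/${project}/locations/${region}/keyRings/computeEngine"
            "/cryptoKeys/computeEngine/cryptoKeyVersions/4")


def sample(key_name):
    """Build a minimal constructed template around one kmsKeyName value."""
    builder = {"type": "googlecompute", "image_encryption_key": {"kmsKeyName": key_name}}
    return json.dumps({"builders": [builder]})


if __name__ == "__main__":
    print(check_template(sample(FILLED)), check_template(sample(UNFILLED)))
```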