Packer version 1.4.4
- While building the googlecompute packer image, I need to encrypt the temporary instance’s disk with Cloud KMS keys. I could not find any possible way in the documentation pages. Please help me in this case.
- Also, give me a sample code block of encrypting the image itself. I’m a bit confused with the documentation example image_encryption_key:
  {
    "kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"
  }
  If the above example is correct, where should I use the parameter image_encryption_key?
I don’t think it is currently possible to launch the instance with custom keys, but it could be worth a feature request: https://github.com/hashicorp/packer/issues/new?labels=enhancement&template=feature_requests.md
Below is an example of how to use the image_encryption_key option:
{
  "builders": [
    {
      "type": "googlecompute",
      "image_name": "myname",
      "account_file": "path/to/account/file.json",
      "project_id": "proj-id-123456",
      "source_image_family": "ubuntu-1804-lts",
      "ssh_username": "packer",
      "zone": "us-central1-c",
      "state_timeout": "20m",
      "image_encryption_key": {
        "kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"
      }
    }
  ]
}
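A pre-build check for templates like the one above, added here as an example and not taken from the thread or from Packer: it reports every googlecompute builder whose image would be written without a usable image_encryption_key. The names lint_template, KMS_NAME and PLACEHOLDER are hypothetical, the sample template is constructed, and the check assumes that `${...}` in the documentation example marks values to be filled in by hand.

```python
import json
import re

# Cloud KMS resource name in the shape used by the page's example; the
# trailing cryptoKeyVersions segment is treated as optional (assumption).
KMS_NAME = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)"
    r"(?:/cryptoKeyVersions/(?P<version>[^/]+))?$"
)
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")


def lint_template(text):
    """Return a list of findings for googlecompute builders in a JSON template."""
    findings = []
    for i, b in enumerate(json.loads(text).get("builders", [])):
        if b.get("type") != "googlecompute":
            continue
        label = "builders[%d] (%s)" % (i, b.get("image_name", "unnamed"))
        key = b.get("image_encryption_key")
        name = key.get("kmsKeyName") if isinstance(key, dict) else None
        if not isinstance(name, str):
            findings.append(label + ": no image_encryption_key.kmsKeyName set")
        elif PLACEHOLDER.search(name):
            # Checked first: "${project}" would otherwise pass the name pattern.
            findings.append(label + ": kmsKeyName still contains a ${...} placeholder")
        elif not KMS_NAME.match(name):
            findings.append(label + ": kmsKeyName is not a Cloud KMS key resource name")
    return findings


# Constructed sample template: project, key ring and key names are made up.
SAMPLE = """
{"builders": [
  {"type": "googlecompute", "image_name": "encrypted",
   "image_encryption_key": {"kmsKeyName": "projects/example-proj/locations/us-central1/keyRings/example-ring/cryptoKeys/example-key"}},
  {"type": "googlecompute", "image_name": "placeholder",
   "image_encryption_key": {"kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"}},
  {"type": "googlecompute", "image_name": "plain"}
]}
"""

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```
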