{"id":15386,"date":"2024-03-07T08:25:23","date_gmt":"2024-03-07T16:25:23","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=15386"},"modified":"2024-03-15T08:34:56","modified_gmt":"2024-03-15T15:34:56","slug":"data-security-customer-managed-encryption-keys-in-capella","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/data-security-customer-managed-encryption-keys-in-capella\/","title":{"rendered":"Unlocking Data Security: Customer-Managed Encryption Keys in Capella"},"content":{"rendered":"<p><span style=\"font-weight: 400\">Capella understands how important data security is to your business, especially when using cloud services. That is why we are excited to announce a new feature that lets you take control over your data protection: <\/span><b>Customer-Managed Encryption Keys (CMEK).<\/b><\/p>\n<h2><span style=\"font-weight: 400\">What is CMEK?<\/span><\/h2>\n<p><span style=\"font-weight: 400\">CMEK is a well-known cloud security practice that lets you use self-managed encryption keys to encrypt and decrypt data at rest. In this practice, the encryption key is created and resides in the customer-owned environment, and the third-party vendor uses it to encrypt and decrypt the customer data that resides with the vendor. 
The main goal of this practice is to let customers fully manage security aspects such as the encryption algorithm and key rotation policies.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Who should use CMEK?<\/span><\/h2>\n<p><span style=\"font-weight: 400\">A customer-managed encryption key system is ideal for businesses that:<br \/>\n<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Handle highly sensitive data subject to strict compliance.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Need to meet specific data security regulations.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400\">Getting started with CMEK in Capella<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Associating customer-managed encryption keys is supported through <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/programmatic-admin-capella-management-api\/\"><span style=\"font-weight: 400\">the Capella Management API.<\/span><\/a><span style=\"font-weight: 400\"> Today, this feature is available for all AWS and GCP clusters in Capella, where customers can associate a CMEK with a new or an existing cluster.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Behind the scenes, Capella has no knowledge of the contents of the key and uses it only to encrypt and decrypt data at rest.<\/span><\/p>\n<p><span style=\"font-weight: 400\">When a CMEK is associated with an existing Capella cluster, the cluster is redeployed and the persistent volumes are encrypted with that key. 
This operation also triggers an online swap rebalance of the nodes so that Capella can encrypt the data reliably.<\/span><\/p>\n<p><span style=\"font-weight: 400\">This blog is a tutorial in which we create a new customer-managed encryption key and associate it with a Capella cluster. Throughout the process, we use the V4 Management APIs to create, associate and rotate the key.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Prerequisites<\/span><\/h2>\n<h3><span style=\"font-weight: 400\">Creating a key in the cloud-native Key Management Service (KMS)<\/span><\/h3>\n<p><span style=\"font-weight: 400\">First, we create a new key in our cloud-native KMS. To do this, make sure you have the right permissions to access KMS in AWS or GCP, either programmatically or through the UI console.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Once in the cloud KMS console, when configuring the key, make sure the key type is <\/span><b>Symmetric.<\/b><span style=\"font-weight: 400\"> This creates a single key that can be used for both encryption and decryption.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The second important step is to set the key usage to allow <\/span><b>Encrypt and decrypt <\/b><span style=\"font-weight: 400\">operations. 
This ensures that the key can be used specifically to encrypt and decrypt data at rest.<\/span><\/p>\n<p><b>AWS:<\/b><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image8.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15387\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image8-1024x459.jpg\" alt=\"Accessing key management services\" width=\"900\" height=\"403\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8-1024x459.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8-300x134.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8-768x344.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8-1536x688.jpg 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8-1320x592.jpg 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image8.jpg 1794w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p><b>GCP:<\/b><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image6.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15388\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image6-1024x838.jpg\" alt=\"Customer managed keys in GCP\" width=\"900\" height=\"737\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image6-1024x838.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image6-300x246.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image6-768x629.jpg 768w, 
https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image6.jpg 1268w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<h3><span style=\"font-weight: 400\">Key regionality<\/span><\/h3>\n<p><span style=\"font-weight: 400\">When configuring the key in AWS or GCP, make sure it resides in the same region as the Capella cluster. Both cloud providers let us select the regionality of the key, which can be <em>Single<\/em> or <em>Multi-regional<\/em>.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In AWS, if the key is <em>multi-region<\/em>, it is important to have at least one replica of the key in the same region as the Capella cluster. We must then associate the ARN (Amazon Resource Name) of that key replica with the Capella cluster.<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image9.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15389\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image9-1024x616.jpg\" alt=\"Configuring regionality of keys in Capella\" width=\"900\" height=\"541\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image9-1024x616.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image9-300x180.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image9-768x462.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image9.jpg 1310w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400\">In GCP, a <\/span><b>Global<\/b><span style=\"font-weight: 400\"> key ring ensures that the key is available in any GCP location. 
Check the <\/span><a href=\"https:\/\/cloud.google.com\/kms\/docs\/locations?hl=en&amp;_ga=2.91307482.-1591003540.1704397183#regional:\"><span style=\"font-weight: 400\">GCP supported locations for Cloud KMS <\/span><\/a><span style=\"font-weight: 400\">and make sure the Capella cluster location matches one of the locations that KMS supports.<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15390\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image4-1024x910.jpg\" alt=\"Create a global key ring GCP\" width=\"900\" height=\"800\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image4-1024x910.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image4-300x267.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image4-768x683.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image4.jpg 1152w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<h3><span style=\"font-weight: 400\">Setting up the Capella V4 Management API<\/span><\/h3>\n<p><span style=\"font-weight: 400\">For the next steps of this tutorial, we need access to run the V4 Management APIs in Capella. 
Follow <\/span><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/programmatic-admin-capella-management-api\/\"><span style=\"font-weight: 400\">this blog<\/span><\/a><span style=\"font-weight: 400\"> to get started quickly with the V4 Management APIs.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Step 1: Make the key accessible to Capella<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Now that we have successfully created a CMEK in our self-managed cloud account, we need to make sure Capella can use this key to encrypt and decrypt data at rest.<\/span><\/p>\n<p><span style=\"font-weight: 400\">To grant this access, we first need to capture the ID of the corresponding Capella cloud account, which is unique to each organization deployed in Capella.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Run this V4 API to get the information:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">curl --request GET \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/cloudAccounts \\\r\n  --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;'<\/pre>\n<p><span style=\"font-weight: 400\">An example response looks like this:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:js decode:true\">{\r\n \"aws-capella-account\": \"1234567890\",\r\n \"azure-capella-subscription\": \"cb-1234567890abcdef\",\r\n \"gcp-capella-project\": \"cb-1234567890abcdef\"\r\n}<\/pre>\n<p><span style=\"font-weight: 400\">Copy the corresponding cloud account ID. For example, if your CMEK is located in AWS, copy the Capella AWS account ID. 
This also means that you need to create the CMEK in the same cloud provider as your Capella cluster.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Updating the key access policy<\/span><\/h3>\n<p><span style=\"font-weight: 400\">In AWS, add access for Capella by updating the CMEK access policy as follows:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:js decode:true\">{\r\n            \"Sid\": \"Allow use of the key\",\r\n            \"Effect\": \"Allow\",\r\n            \"Principal\": {\r\n                \"AWS\": \"arn:aws:iam::&lt;capella-aws-account-id&gt;:root\"\r\n            },\r\n            \"Action\": [\r\n                \"kms:DescribeKey\",\r\n                \"kms:GenerateDataKeyWithoutPlainText\",\r\n                \"kms:Decrypt\",\r\n                \"kms:ReEncrypt*\"\r\n            ],\r\n            \"Resource\": \"*\"\r\n        },\r\n        {\r\n            \"Sid\": \"Allow attachment of persistent 
resources\",\r\n            \"Effect\": \"Allow\",\r\n            \"Principal\": {\r\n                \"AWS\": \"arn:aws:iam::&lt;capella-aws-account-id&gt;:root\"\r\n            },\r\n            \"Action\": \"kms:CreateGrant\",\r\n            \"Resource\": \"*\",\r\n            \"Condition\": {\r\n                \"Bool\": {\r\n                    \"kms:GrantIsForAWSResource\": \"true\"\r\n                }\r\n            }\r\n        }<\/pre>\n<p><span style=\"font-weight: 400\">Replace <\/span><b>&lt;capella-aws-account-id&gt;<\/b><span style=\"font-weight: 400\"> with the value of <\/span><i><span style=\"font-weight: 400\">aws-capella-account<\/span><\/i><span style=\"font-weight: 400\"> from the API response.<\/span><\/p>\n<p><span style=\"font-weight: 400\">For GCP, simply grant <\/span><i><span style=\"font-weight: 400\">Cloud KMS CryptoKey Encrypter\/Decrypter<\/span><\/i><span style=\"font-weight: 400\"> permissions to the Capella service account: <\/span><i><span style=\"font-weight: 400\">rc-cluster-admin@.iam.gserviceaccount.com<\/span><\/i><span style=\"font-weight: 400\">.<\/span><\/p>\n<p><a 
href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image3.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15391\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image3-911x1024.jpg\" alt=\"Cloud KMS CryptoKey Encrypter\/Decrypter\" width=\"900\" height=\"1012\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image3-911x1024.jpg 911w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image3-267x300.jpg 267w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image3-768x863.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image3-300x337.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image3.jpg 1240w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<h2><span style=\"font-weight: 400\">Step 2: Tell Capella about the key<\/span><\/h2>\n<p><span style=\"font-weight: 400\">In Step 1, we made sure Capella could use the key to encrypt and decrypt data at rest. 
In this step, we need to tell Capella that this CMEK exists and can be used by clusters.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Now we add the CMEK metadata to our Capella organization:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">curl --request POST \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/cmek \\\r\n  --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;' \\\r\n  --header 'Content-Type: application\/json' \\\r\n  --data '{\r\n  \"name\": \"Test Key\",\r\n  \"description\": \"Description of the Key\",\r\n  \"config\": {\r\n    \"arn\": \"arn:aws:kms:us-east-1:&lt;customer-owned-aws-account-id&gt;:key\/&lt;key-id&gt;\"\r\n  }\r\n}'<\/pre>\n<p><span style=\"font-weight: 400\">Remember that the key config ARN here is the ARN of the key as seen in the customer-owned AWS account:<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15392\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image1-1024x179.jpg\" alt=\"the ARN of the key, as seen in the customer-owned AWS account\" width=\"900\" height=\"157\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1-1024x179.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1-300x52.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1-768x134.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1-1536x268.jpg 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1-1320x230.jpg 1320w, 
https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image1.jpg 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400\">For GCP, the API payload accepts the <em>resourceName<\/em> of the KMS key.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">curl --request POST \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/cmek \\\r\n  --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;' \\\r\n  --header 'Content-Type: application\/json' \\\r\n  --data '{\r\n  \"name\": \"Test Key\",\r\n  \"description\": \"Description of the Key\",\r\n  \"config\": {\r\n    \"resourceName\": \"projects\/&lt;gcp-project-name&gt;\/locations\/global\/keyRings\/&lt;keyring-name&gt;\/cryptoKeys\/&lt;key-name&gt;\"\r\n  }}'<\/pre>\n<p><span style=\"font-weight: 400\">This API responds with a CMEK ID. 
Note this ID, as it is used in subsequent API calls.<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15393\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image5-1024x213.jpg\" alt=\"\" width=\"900\" height=\"187\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image5-1024x213.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image5-300x62.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image5-768x160.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image5-1320x274.jpg 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image5.jpg 1510w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400\">Once the key has been added to Capella, we can easily list, read and delete it using the V4 APIs. <\/span><a href=\"https:\/\/docs.couchbase.com\/cloud\/management-api-reference\/index.html#tag\/cmek\"><i><span style=\"font-weight: 400\">See this API specification for more details.<\/span><\/i><\/a><\/p>\n<p><i><span style=\"font-weight: 400\">Note that Capella only allows the key to be deleted if no cluster is actively associated with it.<\/span><\/i><\/p>\n<h2><span style=\"font-weight: 400\">Step 3: Associate the encryption key with a cluster<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Next, we want to use this CMEK to encrypt and decrypt the data in one of our Capella clusters. 
To do that, note the project ID and the ID of the specific cluster from the Capella UI.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Use this API to associate the CMEK with that cluster. The <em>cmekId<\/em> is the ID received in Step 2 when the CMEK metadata was added to Capella:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">curl --request POST \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/projects\/{projectId}\/clusters\/{clusterId}\/cmek\/{cmekId}\/associate \\\r\n --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;'<\/pre>\n<p><span style=\"font-weight: 400\">When this API is called, the cluster is redeployed while Capella moves all data to new persistent volumes. These volumes are newly created with the provided CMEK. This operation results in a swap rebalance across all nodes of the cluster, with no downtime. 
The activity typically takes 5 to 10 minutes, depending on the data and the size of the cluster.<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15394\" style=\"border: 1px solid black\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image2-1024x103.jpg\" alt=\"Associating the Encryption Key with a Cluster\" width=\"900\" height=\"91\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2-1024x103.jpg 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2-300x30.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2-768x78.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2-1536x155.jpg 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2-1320x133.jpg 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image2.jpg 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400\">Finally, we see the cluster return to a healthy status with the CMEK associated with it. 
We can find this information by making a <\/span><a href=\"https:\/\/docs.couchbase.com\/cloud\/management-api-reference\/index.html#tag\/clusters\/operation\/getCluster\"><span style=\"font-weight: 400\">GET cluster details API<\/span><\/a><span style=\"font-weight: 400\"> call.<\/span><\/p>\n<p><span style=\"font-weight: 400\">To disassociate the key from the cluster, simply run this API:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">curl --request POST \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/projects\/{projectId}\/clusters\/{clusterId}\/cmek\/{cmekId}\/unassociate \\\r\n --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;'<\/pre>\n<p><span style=\"font-weight: 400\">This redeploys the cluster, removes the key and uses a new encryption key fully managed by Capella to encrypt the data at rest. This activity also results in a swap rebalance and takes a few minutes.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Associating the key with a new cluster<\/span><\/h3>\n<p><span style=\"font-weight: 400\">The key can be associated with a new cluster by calling the <\/span><a href=\"https:\/\/docs.couchbase.com\/cloud\/management-api-reference\/index.html#tag\/clusters\/operation\/postCluster\"><span style=\"font-weight: 400\">create cluster API<\/span><\/a><span style=\"font-weight: 400\"> and passing the CMEK ID in the request payload as follows:<\/span><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15395\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image7-779x1024.jpg\" alt=\"\" width=\"779\" height=\"1024\" 
srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image7-779x1024.jpg 779w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image7-228x300.jpg 228w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image7-768x1009.jpg 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image7-300x394.jpg 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image7.jpg 953w\" sizes=\"auto, (max-width: 779px) 100vw, 779px\" \/><\/a><\/p>\n<h2><span style=\"font-weight: 400\">Step 4: Rotating the encryption key<\/span><\/h2>\n<p><span style=\"font-weight: 400\">An important aspect of enhanced data security is rotating the encryption key on a schedule. Capella lets you inform it about key rotations, but it cannot rotate the key itself. The rotation period can be decided according to your security governance policies.<\/span><\/p>\n<p><span style=\"font-weight: 400\">To do this, create a new CMEK in your cloud-native KMS account. 
Invoke the following API to tell Capella to update the key ARN or key resource name for the same CMEK ID that is associated with the Capella cluster(s).<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:js decode:true\">curl --request PUT \\\r\nhttps:\/\/cloudapi.cloud.couchbase.com\/v4\/organizations\/{organizationId}\/cmek\/{cmekId} \\\r\n  --header 'Authorization: Bearer &lt;V4 API Key Secret&gt;' \\\r\n  --header 'Content-Type: application\/json' \\\r\n  --data '{\r\n   \"config\": {\r\n    \"arn\": \"arn:aws:kms:us-east-1:&lt;customer-owned-aws-account-id&gt;:key\/&lt;key-id&gt;\"\r\n  }\r\n}'<\/pre>\n<p><span style=\"font-weight: 400\">Although AWS and GCP let us set a rotation policy on the same key resource, because of its restricted access Capella cannot detect whether the key was rotated automatically in your cloud account(s). Therefore, the key rotation API above only accepts a key resource name that differs from the original key resource name.<\/span><\/p>\n<p><span style=\"font-weight: 400\">When this API is invoked, Capella automatically detects all clusters that use the key with that CMEK ID and performs a redeployment to rotate the associated CMEK. Capella removes the older key resource and associates the new key resource with the persistent volumes of the cluster. 
This operation also results in a swap rebalance of the data across all nodes of the cluster(s), again with no downtime.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Finally, you will see the clusters return to a healthy state with the new key resource associated with that CMEK ID.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Conclusion<\/span><\/h2>\n<p><span style=\"font-weight: 400\">That is how you can take control of your data security by using customer-managed encryption keys for all your Couchbase clusters in Capella.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Resources and next steps<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Check out these links for the V4 Management API reference and detailed documentation on using customer-managed encryption keys:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><a href=\"https:\/\/docs.couchbase.com\/cloud\/management-api-reference\/index.html\"><span style=\"font-weight: 400\">Capella Management API reference<\/span><\/a><\/li>\n<li style=\"font-weight: 400\"><a href=\"https:\/\/docs.couchbase.com\/cloud\/security\/cmek.html\"><span style=\"font-weight: 400\">Customer-Managed Encryption Keys (CMEK) in Capella<\/span><\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">If you have questions or feedback, leave a comment below. 
The <\/span><a href=\"https:\/\/forums.couchbase.com\/\"><span style=\"font-weight: 400\">Couchbase Forums<\/span><\/a><span style=\"font-weight: 400\"> or <\/span><a href=\"https:\/\/discord.com\/invite\/K7NPMPGrPk\"><span style=\"font-weight: 400\">Couchbase Discord<\/span><\/a><span style=\"font-weight: 400\"> channels are another good place to reach out with questions.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Capella understands how important data security is to your business, especially when using cloud services. That&#8217;s why we&#8217;re excited to announce a new feature that lets you take control over your data protection: Customer-Managed Encryption Keys (CMEK). What is CMEK? [&hellip;]<\/p>","protected":false},"author":85129,"featured_media":15399,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,2225,1813],"tags":[9929],"ppma_author":[9931],"class_list":["post-15386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-cloud","category-security","tag-cmek"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v26.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Customer-Managed Encryption Keys for AWS &amp; GCP in Capella<\/title>\n<meta name=\"description\" content=\"Take control of your data security by using customer-managed encryption keys for all your Couchbase clusters in Capella. 
Find a full tutorial and more info here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/data-security-customer-managed-encryption-keys-in-capella\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unlocking Data Security: Customer-Managed Encryption Keys in Capella\" \/>\n<meta property=\"og:description\" content=\"Take control of your data security by using customer-managed encryption keys for all your Couchbase clusters in Capella. Find a full tutorial and more info here.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/data-security-customer-managed-encryption-keys-in-capella\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-07T16:25:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-15T15:34:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/03\/image_2024-03-07_100622853-1024x585.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Talina Shrotriya, Software Engineering Manager\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Talina Shrotriya, Software Engineering Manager\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/\"},\"author\":{\"name\":\"Talina Shrotriya, Senior Engineering Manager\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/50c96ba341a92708507fcd493a0ecbb8\"},\"headline\":\"Unlocking Data Security: Customer-Managed Encryption Keys in Capella\",\"datePublished\":\"2024-03-07T16:25:23+00:00\",\"dateModified\":\"2024-03-15T15:34:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/\"},\"wordCount\":1478,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_100622853.png\",\"keywords\":[\"CMEK\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Capella\",\"Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/\",\"name\":\"Customer-Managed Encryption Keys for AWS & GCP in 
Capella\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_100622853.png\",\"datePublished\":\"2024-03-07T16:25:23+00:00\",\"dateModified\":\"2024-03-15T15:34:56+00:00\",\"description\":\"Take control of your data security by using customer-managed encryption keys for all your Couchbase clusters in Capella. Find a full tutorial and more info here.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_100622853.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_100622853.png\",\"width\":2665,\"height\":1522},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/data-security-customer-managed-encryption-keys-in-capella\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Unlocking Data Security: Customer-Managed Encryption Keys in 
Capella\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/50c96ba341a92708507fcd493a0ecbb8\",\"name\":\"Talina Shrotriya, Senior Engineering Manager\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/1a67340659be31a858a1d3e12e015b0e\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_092247517.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_092247517.png\",\"caption\":\"Talina Shrotriya, Senior Engineering 
Manager\"},\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/talinashrotriya\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","authors":[{"term_id":9931,"user_id":85129,"is_guest":0,"slug":"talinashrotriya","display_name":"Talina Shrotriya, Software Engineering 
Manager","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_092247517.png","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/03\/image_2024-03-07_092247517.png"},"author_category":"","last_name":"Shrotriya, Software Engineering Manager","first_name":"Talina","job_title":"","user_url":"","description":""}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/15386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/85129"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=15386"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/15386\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/15399"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=15386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=15386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=15386"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=15386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}