-
Stop the VM instance -
Get a list of the disks attached to the VM instance -
For each disk attached to the instance -
If it is already encrypted with the specified CMEK key we skip the disk -
Detach the disk from the VM instance -
Snapshot the disk -
We then create a new disk using the CMEK key stored in Cloud KMS
-
-
Attach the disk to the VM instance -
Start the VM instance -
Delete the old disks and snapshots created during the process (if specified)
usage: main.py [-h] --project PROJECT --zone ZONE --instance INSTANCE --key-ring KEYRING --key-name KEYNAME --key-version KEYVERSION [--key-global] [--destructive] arguments: -h, --help show this help message and exit --project PROJECT Project containing the GCE instance. --zone ZONE Zone containing the GCE instance. --instance INSTANCE Instance name. --key-ring KEYRING Name of the key ring containing the key to encrypt the disks. Must be in the same region as the instance or global. --key-name KEYNAME Name of the key to encrypt the disks. Must be in the same region as the instance or global. --key-version KEYVERSION Version of the key to encrypt the disks. --key-global Use Cloud KMS global keys. --destructive Upon completion, delete source disks and snapshots created during migration process.