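Based on https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys
Steps to reproduce:
- Create a key ring and a key in Cloud KMS in a specific location (for example us-central-1).
- Grant the Cloud KMS CryptoKey Encrypter/Decrypter permission on the created key to the storage service account.
- Create a new regional bucket in that location (us-central-1) and set the created KMS key for encryption.
- Try to upload a file to the bucket.
Result: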
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "forbidden",
        "message": "We're sorry, but the Cloud KMS encryption feature is not available in your location; see https://cloud.google.com/storage/docs/encryption/customer-managed-keys#restrictions for more details."
      }
    ],
    "code": 403,
    "message": "We're sorry, but the Cloud KMS encryption feature is not available in your location; see https://cloud.google.com/storage/docs/encryption/customer-managed-keys#restrictions for more details."
  }
}
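I'm pretty sure this is a misconfiguration issue, but I can't figure out what my mistake is. The request is not coming from a restricted country - https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#general_restrictions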
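
An added example, not part of the original post: a pre-flight check for the documented Cloud Storage requirement that a customer-managed key be in the same location as the bucket it encrypts, run before the key is set on the bucket in the steps above. The project, key ring, key and location values are constructed samples, and the function names are hypothetical.

```python
import re

# Cloud KMS key resource name:
# projects/<project>/locations/<location>/keyRings/<ring>/cryptoKeys/<key>
KEY_NAME_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<key_ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$"
)


def parse_key_name(key_name):
    """Split a Cloud KMS key resource name into its components."""
    match = KEY_NAME_RE.match(key_name.strip())
    if match is None:
        raise ValueError(f"not a Cloud KMS key resource name: {key_name!r}")
    return match.groupdict()


def check_cmek_location(bucket_location, key_name):
    """Return a list of findings; an empty list means the locations match."""
    try:
        key = parse_key_name(key_name)
    except ValueError as exc:
        return [str(exc)]
    # Bucket metadata reports the location in upper case (US-CENTRAL1) while
    # key names carry it in lower case, so compare case-insensitively.
    bucket_loc = bucket_location.strip().lower()
    key_loc = key["location"].lower()
    if bucket_loc != key_loc:
        return [f"key {key['key']!r} is in {key_loc!r} "
                f"but the bucket is in {bucket_loc!r}"]
    return []


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    base = "projects/example-project/locations/{}/keyRings/ring/cryptoKeys/key"
    samples = [
        ("US-CENTRAL1", base.format("us-central1")),   # same location
        ("US-CENTRAL1", base.format("europe-west1")),  # different region
        ("US-CENTRAL1", base.format("global")),        # global key ring
        ("US-CENTRAL1", "keyRings/ring/cryptoKeys/key"),  # not a full name
    ]
    for location, name in samples:
        print(location, name, check_cmek_location(location, name) or "OK")
```
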