CMEK and Encryption keys usage

[Ruban Siva]

Hi,

I understand with CloudSQL, can encrypt the data at persistence using encryption key using CMEK so it's managed by the end user.

Does this only apply to during update/insert or is it using read too? 

Just wondering how it works during data retrieval.

[Mohammad I (Cloud Platform Support)]

Hello Ruban, 

This document outlines when Cloud SQL interacts with CMEK keys such as during Instance creation, Backup creation, Instance restore, Replica creation, Clone creation and Instance update. 

As mentioned here,  CMEK can not be used to encrypt user data in transit, such as user queries and responses.

I have noticed you have also asked the same question at the StackOverflow thread where one of the Google Cloud Support agents has responded to your query as well.