Confidential VMs, launched in beta in July, was the first product in the Google Cloud Confidential Computing portfolio, and Google is making it available to all Google Cloud customers in the coming weeks. The product will include all of the functionality added during the beta stage. Confidential GKE Nodes, the second product in Google's Confidential Computing portfolio, will enter beta when GKE 1.18 is released, which should give more confidential workload options to organizations looking to use Kubernetes clusters with GKE.

Built on the same technology foundation as Confidential VMs, Confidential GKE Nodes help organizations keep data encrypted in memory using a node-specific dedicated key. This key is generated and managed by the AMD EPYC processor, Google explains. The new product will allow organizations to configure a GKE cluster to deploy only node pools that have Confidential VM capabilities. This automatically enforces the use of Confidential VMs for all worker nodes on clusters that use Confidential GKE Nodes.

According to Google, Confidential GKE Nodes use hardware memory encryption that relies on the Secure Encrypted Virtualization feature of AMD EPYC processors, so all workloads on these nodes are encrypted while in use. Confidential VMs also use memory encryption to isolate workloads and tenants, providing an easy-to-use option to ensure workload memory is secure in Google Compute Engine. Confidential VMs also offer high performance, even for demanding computational tasks, according to Google, and ensure that VM memory remains encrypted (using a per-VM key created and managed by the secure processor within AMD EPYC chips).
New features the internet giant introduced for Confidential VMs include compliance audit reports (including comprehensive documentation on the quality of the key generation firmware), new policy controls on confidential computing resources, integration with other enforcement mechanisms, and the ability to securely exchange secrets with Confidential VMs.

Organizations can now, through the IAM Org Policy, define specific access privileges for Confidential VMs and may disable non-confidential VMs within the project. In addition, they can combine shared VPCs, policy constraints, and firewall rules so that only Confidential VM interaction is allowed, or so that a perimeter of GCP resources is defined for VMs.

Confidential VMs now also support secure exchange of data via the virtual Trusted Platform Module (vTPM). In addition, the go-tpm open source library helps organizations bind secrets to a Confidential VM's vTPM using APIs.
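A policy that disables non-confidential VMs is worth verifying against what is actually deployed. The following check is an added example, not code from the article or from Google: it audits an instance inventory for VMs that are not confidential, or that are confidential but lack the vTPM needed for sealing secrets. It assumes the inventory is JSON shaped like `gcloud compute instances list --format=json` output; the instance names and the finding labels are constructed.

```python
import json

# Constructed sample inventory (names are hypothetical). Field names follow
# the Compute Engine instance resource: confidentialInstanceConfig and
# shieldedInstanceConfig.
SAMPLE = json.loads("""
[
  {"name": "payments-api",
   "confidentialInstanceConfig": {"enableConfidentialCompute": true},
   "shieldedInstanceConfig": {"enableVtpm": true}},
  {"name": "legacy-batch",
   "shieldedInstanceConfig": {"enableVtpm": true}},
  {"name": "ledger-db",
   "confidentialInstanceConfig": {"enableConfidentialCompute": true},
   "shieldedInstanceConfig": {"enableVtpm": false}}
]
""")


def audit_instance(inst):
    """Return a list of findings for one instance record."""
    conf = inst.get("confidentialInstanceConfig") or {}
    shielded = inst.get("shieldedInstanceConfig") or {}
    # A missing block or a non-true flag both mean memory is not encrypted in use.
    if conf.get("enableConfidentialCompute") is not True:
        return ["not-confidential"]
    # Confidential, but secrets cannot be sealed to a vTPM that is disabled.
    if shielded.get("enableVtpm") is not True:
        return ["confidential-without-vtpm"]
    return []


def audit(instances):
    """Map instance name -> findings, listing only instances with findings."""
    report = {}
    for inst in instances:
        findings = audit_instance(inst)
        if findings:
            report[inst.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```
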
Google Announced An Expansion Of Its Confidential Computing Portfolio - Cybers Guards