Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager

## Feature Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager. Autokey simplifies creating and using [customer-managed encryption keys (CMEKs)](https://cloud.google.com/kms/docs/cmek) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created. Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings. For more information, see [Autokey overview](https://cloud.google.com/kms/docs/autokey-overview). ## Feature Cloud KMS has two new organization policy constraints that you can use to control key version destruction. These constraints became available on November 1, 2023. For more information, see [Control key version destruction](https://cloud.google.com/kms/docs/control-key-destruction).