Using Console
Using CLI
gcloud dataproc clusters list --region=REGION
to list all the Dataproc clusters in the specified region.gcloud dataproc clusters describe CLUSTER_NAME --region=REGION
to get the details of the cluster.encryptionConfig
property is set to CMEK
in the output of the above command. If it is not set to CMEK
, then the cluster is not encrypted using CMEK.gcloud dataproc clusters update CLUSTER_NAME --region=REGION --update-encryption-config kmsKeyName=KEY_NAME
where KEY_NAME
is the name of the KMS key to be used for encryption.gcloud dataproc clusters describe CLUSTER_NAME --region=REGION
again to verify that the encryptionConfig
property is set to CMEK
.Using Python
gce_pd_kms_key_name
field is set to the correct key, then the cluster is encrypted using CMEK.