This page shows you how to resolve issues with Cloud External Key Manager (Cloud EKM) over virtual private cloud (VPC).
In addition to the errors listed in the Cloud EKM error reference, EKMs accessed over VPC might experience additional errors.
Input errors
The following table describes errors caused by incorrect input and suggests troubleshooting steps for these errors:
| google.rpc.Status.message | violation[1].type (Error domain) | Troubleshooting |
|---|---|---|
| Permission denied when accessing the Service Directory. Ensure the Cloud EKM service account has access to the Service Directory resource in the VPC project. | SD_RESOURCE_PERMISSION_DENIED | Follow the steps in Authorize Cloud EKM to access your VPC to authorize Cloud EKM to access your VPC resource. Also, see the Service Directory troubleshooting guide. |
External key management system errors
The following table describes EKM system errors and troubleshooting suggestions:
SD_RESOURCE_MALFORMED
If you manage your own EKM:
- Ensure the network field of your Service Directory endpoint is populated and that it matches the VPC network that you use to reach your EKM.
- Ensure the IP address and port are set correctly for your endpoint.
If your EKM is managed by a separate provider:
- Contact your EKM provider to ensure the network Service Directory endpoints are correctly set.
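For the self-managed case, the following added example (not part of the original page or of any Google tooling) runs the SD_RESOURCE_MALFORMED checks against an endpoint record shaped like the JSON printed by `gcloud service-directory endpoints describe --format=json`. The sample records, project number, and network name are constructed, and the `check_endpoint` helper is hypothetical.

```python
import ipaddress
import re

# Format the Service Directory API uses for an endpoint's network field.
NETWORK_RE = re.compile(r"^projects/(\d+)/locations/global/networks/([^/]+)$")


def check_endpoint(endpoint, expected_project_number, expected_network):
    """Return a list of problems found in one Service Directory endpoint record."""
    problems = []

    # Check 1: the network field is populated and names the VPC used to reach the EKM.
    network = endpoint.get("network", "")
    if not network:
        problems.append("network field is empty")
    else:
        m = NETWORK_RE.match(network)
        if not m:
            problems.append(f"network field is not a full network path: {network!r}")
        elif (m.group(1), m.group(2)) != (expected_project_number, expected_network):
            problems.append(f"network {network!r} is not the VPC used to reach the EKM")

    # Check 2: the address is a literal IP address, not a hostname or empty string.
    address = endpoint.get("address", "")
    try:
        ipaddress.ip_address(address)
    except ValueError:
        problems.append(f"address {address!r} is not a valid IP address")

    # Check 3: the port is an integer in the usable TCP range.
    port = endpoint.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"port {port!r} is not in 1-65535")
    return problems


# Constructed sample records (placeholder project number, names, and address).
BASE = "projects/example-vpc-project/locations/us-central1/namespaces/ekm/services/ekm-svc"
SAMPLE_GOOD = {
    "name": BASE + "/endpoints/ekm-1",
    "address": "10.128.0.15",
    "port": 443,
    "network": "projects/123456789012/locations/global/networks/ekm-vpc",
}
SAMPLE_BAD = {"name": BASE + "/endpoints/ekm-2", "address": "ekm.example.internal", "port": 0}

if __name__ == "__main__":
    for record in (SAMPLE_GOOD, SAMPLE_BAD):
        print(record["name"], check_endpoint(record, "123456789012", "ekm-vpc") or "OK")
```
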

