You've established a streaming data insertion process into a Redis cluster via a Kafka cluster, both hosted on Compute Engine instances. Now, your priority is to secure the data at rest by utilizing encryption keys that can be generated, rotated, and revoked as necessary. What is the recommended approach?