Your company is using BigQuery to store sensitive healthcare data. To comply with HIPAA and other regulatory requirements, you must encrypt the data using an encryption key that your company manages directly, including controlling its rotation, access policies, and storage. The key must be stored within Google Cloud and used to encrypt data at rest. What should you do?