A Database Engineer is tasked with securing sensitive data stored in a Cloud SQL instance. The company requires that data encryption keys to be managed according to its strict security policies. Which of the following approaches should the engineer take to meet these requirements?