diff --git a/terraform/gcp/modules/tuf/kms.tf b/terraform/gcp/modules/tuf/kms.tf
index 9e939111f..adf8252dc 100644
--- a/terraform/gcp/modules/tuf/kms.tf
+++ b/terraform/gcp/modules/tuf/kms.tf
@@ -25,13 +25,20 @@ resource "google_kms_crypto_key" "tuf-key" {
 key_ring = google_kms_key_ring.tuf-keyring.id
 purpose = "ASYMMETRIC_SIGN"
 version_template {
- algorithm = "EC_SIGN_P384_SHA384"
+ algorithm = "EC_SIGN_P256_SHA256"
 protection_level = "SOFTWARE"
 }
-
+ lifecycle {
+ prevent_destroy = true
+ }
 depends_on = [google_kms_key_ring.tuf-keyring]
 }

+resource "google_kms_crypto_key_version" "tuf-key-version" {
+ crypto_key = google_kms_crypto_key.tuf-key.id
+ depends_on = [google_kms_crypto_key.tuf-key]
+}
+
 resource "google_kms_key_ring_iam_member" "tuf-sa-key-iam" {
 key_ring_id = google_kms_key_ring.tuf-keyring.id
 role = "roles/cloudkms.signerVerifier"
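Review bot: The new `google_kms_crypto_key_version.tuf-key-version` resource has no lifecycle guard, even though it is the object that holds the P-256 signing material; `prevent_destroy` was added only to the parent `tuf-key`, whose block starts above the hunk. A destroy or forced replacement of the version resource would, as far as I can tell from the provider's behaviour, schedule that key version for destruction in Cloud KMS and orphan any TUF metadata signed by it, so it should carry the same guard: `lifecycle { prevent_destroy = true }`. The explicit `depends_on = [google_kms_crypto_key.tuf-key]` duplicates the dependency already implied by `crypto_key = google_kms_crypto_key.tuf-key.id` and can be dropped. Because only versions created after the template change use the new algorithm, a short comment above `algorithm` would help, for example `# P-256 required by <consumer>; existing P-384 versions are unaffected and must be retired separately`, with the placeholder replaced by the real reason for the downgrade.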