Cloud Key Management Service documentation
Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.
With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.
Documentation resources
Find quickstarts and guides, review key references, and get help with common issues.
format_list_numbered
Guides
-
Quickstart: Create encryption keys with Cloud KMS
-
Encrypting and decrypting data with a symmetric key
-
Encrypting and decrypting data with an asymmetric key
-
Cloud HSM
-
Creating symmetric keys
-
Cloud External Key Manager
-
Importing a key into Cloud KMS
-
Retrieving a public key
-
Destroying and restoring key versions
Explore self-paced training from Google Cloud Skills Boost, use cases, reference architectures, and code samples with examples of how to use and connect Google Cloud services.
Training
Training and tutorials
Encrypt and decrypt data with KMS
This tutorial teaches you how to encrypt and decrypt data using symmetric Cloud KMS keys.
Training
Training and tutorials
Security in Google Cloud
Explore and deploy the components of a secure Google Cloud solution through hands on labs. Learn best practices for securing applications and data and mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.
Training
Training and tutorials
Getting started with KMS
In this lab you'll learn how to use some advanced features of Google Cloud Security and Privacy APIs, including: setting up a secure Cloud Storage bucket, managing keys and encrypted data, and viewing Cloud Storage audit logs.
Use case
Use cases
PCI Data Security Standard Compliance
Learn how to implement the Payment Card Industry Data Security Standard (PCI DSS) for your business on Google Cloud.
PCI DSS Compliance Security
Code Samples
Code Samples
Python samples
Python code samples and snippets
Code Samples
Code Samples
Node.js samples
A robust set of Node.js samples.
Code Samples
Code Samples
Go samples
A list of Go samples
Code Samples
Code Samples
.NET samples
Samples for .NET and KMS.
Code Samples
Code Samples
PHP samples
PHP code samples for KMS
Code Samples
Code Samples
Ruby samples
Ruby samples for KMS
Related videos
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-12 UTC.
[{ "type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }] {"lastModified": "Last updated 2024-09-12 UTC."}