- AES256 keys
  - Cloud KMS allows you to create, use, rotate, automatically rotate, and destroy AES256 symmetric encryption keys.
- Encrypt and decrypt via API
  - Cloud KMS is a REST API that can use a key to encrypt or decrypt data, such as secrets, for storage.
- Automated and at-will key rotation
  - Cloud KMS allows you to rotate a key at will, and also to set a rotation schedule that automatically generates a new key version at a fixed time interval. Multiple versions of a key can be active at any time for decryption, with only one primary key version used for encrypting new data.
- Delay for key destruction
  - Cloud KMS has a built-in 24-hour delay for key material destruction, to prevent accidental or malicious data loss.
- High global availability
  - Cloud KMS is available in several global locations, allowing you to place your service where you want for low latency.
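
The rotation and destruction-delay behaviour described in the list above, modelled as an added Python sketch (not Google's code and not a Cloud KMS client): rotation changes which version encrypts, older versions keep decrypting, and a destroyed version's material survives for 24 hours. `ToyKey`, its methods, the version-id-prefixed blob layout and the SHA-256 stand-in cipher are all hypothetical; that a version pending destruction is unusable but can be restored before the delay ends is a modelling assumption of this sketch.

```python
import hashlib
import os
from datetime import datetime, timedelta

DESTROY_DELAY = timedelta(hours=24)  # the delay stated on this page

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); NOT AES256, not for real data.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyKey:
    """Hypothetical model of one key and its versions."""

    def __init__(self) -> None:
        self.material = {}   # version id -> 256-bit key material
        self.wipe_at = {}    # version id -> time the material is destroyed
        self.primary = 0
        self.rotate()

    def rotate(self) -> int:
        self.primary += 1    # newest version becomes the only encrypting one
        self.material[self.primary] = os.urandom(32)
        return self.primary

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        body = _keystream_xor(self.material[self.primary], nonce, plaintext)
        return bytes([self.primary]) + nonce + body  # version id travels with data

    def schedule_destroy(self, version: int, now: datetime) -> None:
        self.wipe_at[version] = now + DESTROY_DELAY

    def restore(self, version: int, now: datetime) -> bool:
        """Cancel a pending destruction; only possible before the delay ends."""
        ok = version in self.wipe_at and now < self.wipe_at[version]
        if ok:
            del self.wipe_at[version]
        return ok

    def decrypt(self, blob: bytes, now: datetime) -> bytes:
        version, nonce, body = blob[0], blob[1:17], blob[17:]
        if version in self.wipe_at:
            if now >= self.wipe_at[version]:
                self.material.pop(version, None)  # delay over: material is gone
            raise KeyError(f"version {version} is pending destruction or destroyed")
        return _keystream_xor(self.material[version], nonce, body)
```
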
“Google is transparent about how it does its encryption by default, and Cloud KMS makes it easy to implement best practices. Features like automatic key rotation let us rotate our keys frequently with zero overhead and stay in line with our internal compliance demands. Cloud KMS’ low latency allows us to use it for frequently performed operations. This allows us to expand the scope of the data we choose to encrypt from sensitive data, to operational data that does not need to be indexed.”— Leonard Austin, CTO at Ravelin
| Item | Price |
|---|---|
| Active key versions | $0.06 per month |
| Key use operations (Encrypt/Decrypt) | $0.03 per 10,000 operations |
| Key admin operations | Free |