Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.

With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.

Guides

Reference

Resources

Training and tutorials

Try Cloud KMS tutorials, courses, and self-paced training from Google Cloud Skills Boost.

Codelab

Encrypt and decrypt data with KMS

This tutorial teaches you how to encrypt and decrypt data using symmetric Cloud KMS keys.

Learn more  
Training

Security in Google Cloud

Explore and deploy the components of a secure Google Cloud solution through hands on labs. Learn best practices for securing applications and data and mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

Learn more  
Training

Getting started with KMS

In this lab you'll learn how to use some advanced features of Google Cloud Security and Privacy APIs, including: setting up a secure Cloud Storage bucket, managing keys and encrypted data, and viewing Cloud Storage audit logs.

Learn more  

Use cases

Explore use cases, reference architectures, whitepapers, best practices, and industry solutions.

Use case

Tokenizing sensitive cardholder data for PCI DSS

Shows how to set up an access-controlled credit and debit card tokenization service on Cloud Functions. To set up the service, the article uses IAM, Cloud KMS, and Datastore.

PCI DSS Functions Datastore

Learn more  
Architecture

PCI Data Security Standard Compliance

Learn how to implement the Payment Card Industry Data Security Standard (PCI DSS) for your business on Google Cloud.

PCI DSS Compliance Security

Learn more  

Code samples

Dive into coding with examples that demonstrate how to use and connect Google Cloud services.

github

Python samples

Python code samples and snippets

Open GitHub  

github

Node.js samples

A robust set of Node.js samples.

Open GitHub  

github

Go samples

A list of Go samples

Open GitHub  

github

.NET samples

Samples for .NET and KMS.

Open GitHub  

github

PHP samples

PHP code samples for KMS

Open GitHub  

github

Ruby samples

Ruby samples for KMS

Open GitHub  

Videos