Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.
With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.
Guides
-
Quickstart: Create encryption keys with Cloud KMS
-
Encrypting and decrypting data with a symmetric key
-
Encrypting and decrypting data with an asymmetric key
-
Cloud HSM
-
Creating symmetric keys
-
Cloud External Key Manager
-
Importing a key into Cloud KMS
-
Retrieving a public key
-
Destroying and restoring key versions
-
Resources
Training and tutorials
Try Cloud KMS tutorials, courses, and self-paced training from Google Cloud Skills Boost.
Use cases
Explore use cases, reference architectures, whitepapers, best practices, and industry solutions.
Code samples
Dive into coding with examples that demonstrate how to use and connect Google Cloud services.