When you refer to a Cloud Key Management Service resource using the Cloud Key Management Service API or Cloud SDK, such as when you grant an Identity and Access Management (IAM) role on the resource, you refer to the resource by its ID. This topic shows how to get the ID for a key ring, a key, and a key version.
Getting the resource ID for a key ring
Console
Go to the Cryptographic Keys page in the Cloud Console.
Click More more_vert for the key ring.
Click Copy Resource ID. The resource ID for the key ring is copied to your clipboard.
gcloud
List all key rings in a location:
gcloud kms keyrings list --location location
The Name column of the output includes the resource ID for each key ring. For example:
projects/example-project-98765/locations/us-central1/keyRings/example-ring
Getting the ID for a key and version
Console
Go to the Cryptographic Keys page in the Cloud Console.
Select the key ring that contains the key.
For the key whose resource ID you are retrieving, click More more_vert.
Click Copy Resource ID. The resource ID for the key is copied to your clipboard. Its format is similar to the following:
projects/example-project-98765/locations/us-central1/keyRings/example-ring/cryptoKeys/example-key
A key contains zero or more key versions. A key version's ID is the key ID, plus a version ID. To list all versions for a key, click the key's name. Click the More icon for the version, and click Copy Resource ID.
gcloud
List all keys on a given key ring:
gcloud kms keys list --keyring keyring --location location
The Name column of the output includes the resource ID for each key. For example:
projects/example-project-98765/locations/us-central1/keyRings/example-ring/cryptoKeys/example-key
A key has zero or more key versions. A key version's ID is the key ID, plus
a slash (/
) character, and the version ID. To list all versions for a key:
gcloud kms keys versions list --location us-central1 --keyring blah --key foo_import_key
The Name column of hte output includes the resource ID for each key version. For example:
projects/example-project-98765/locations/us-central1/keyRings/example-ring/cryptoKeys/example-key/2
What's next
- Learn more about permissions and roles in Cloud KMS.
- Manage access to Cloud KMS resources.
- Rotate a key.