Getting a Cloud KMS resource ID

When you refer to a Cloud Key Management Service resource using the Cloud KMS API or Google Cloud CLI, you use the resource ID. For example, you can use the resource ID of a key ring to grant an Identity and Access Management (IAM) role on that key ring. This topic shows how to get the ID for a key ring, a key, and a key version.

Getting the resource ID for a key ring

Console

  1. Go to the Key Management page in the Google Cloud console.

    Go to the Key Management page

  2. Click More for the key ring.

  3. Click Copy resource name. The resource ID for the key ring is copied to your clipboard.

gcloud

List all key rings in a location:

gcloud kms keyrings list --location LOCATION

The Name column of the output includes the resource ID for each key ring. For example:

projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING

Getting the ID for a key and version

Console

  1. Go to the Key Management page in the Google Cloud console.

    Go to the Key Management page

  2. Select the key ring that contains the key.

  3. For the key whose resource ID you are retrieving, click More .

  4. Click Copy resource name. The resource ID for the key is copied to your clipboard. Its format is similar to the following:

    projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY_NAME
    
  5. A key contains zero or more key versions. The resource ID for a key version is the key ID, plus a slash (/), plus the version ID. To list all versions for a key, click the key's name. Click the More icon for the version, and click Copy resource name.

gcloud

List all keys on a given key ring:

gcloud kms keys list --keyring KEY_RING --location LOCATION

The Name column of the output includes the resource ID for each key. For example:

projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY_NAME

A key has zero or more key versions. The resource ID for a key version is the key ID, plus a slash (/), plus the version ID. To list all versions for a key:

gcloud kms keys versions list --location LOCATION --keyring KEY_RING --key KEY_NAME

The Name column of the output includes the resource ID for each key version. For example:

projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY_NAME/2

What's next