View keys by project


The Cloud KMS key dashboard provides an organized, searchable, and filterable view of keys and key rings in your Google Cloud project resource.

To use the Cloud KMS key dashboard, you must have the following permissions at the project level:

  • cloudkms.keyRings.list
  • cloudkms.cryptoKeys.list
  • cloudkms.locations.list
  • resourcemanager.projects.get

These permissions are included in the Cloud KMS Admin and Cloud KMS Viewer roles.

View key rings

Use the Google Cloud console to view the key rings created in your project resource.

Console

  1. Go to the Key Management page in the Google Cloud console.


  2. Click Key Rings to view your key rings.

  3. To filter your list of key rings, click Filter and select a property. To sort the list by the values in a column, select the column's heading.

While viewing your key rings, you can select a key ring to view details about the associated keys and import jobs.

View keys

Use the Google Cloud console to view the keys created in your project resource.

Console

  1. Go to the Key Management page in the Google Cloud console.


  2. Click Key Inventory to view your keys.

  3. To filter your list of keys, click Filter and select a property. To sort the list by the values in a column, select the column's heading.

While viewing your keys, you can select a key to view details about the key including its associated key versions.

The key inventory provides comprehensive information about the cryptographic keys in your project. Properties in the key inventory include the following:

  • Key name: Name of the key.
  • Status: The current key status based on the state of the primary key version. This applies to symmetric keys only.
    • Available: The primary key version is enabled. The key is available for use to encrypt and decrypt data.
    • Unavailable: The primary key version is disabled or empty. The key is not available for use to encrypt data.
    • Available in GCP: For externally managed keys, the key (not necessarily the externally managed key itself) is available for use.
  • Key ring: Name of the parent key ring.
  • Location: Location where key material resides.
  • Current rotation: The date and time the key was last rotated. This is when the current key version was created.
  • Rotation frequency: The key's current rotation frequency.
  • Next rotation: The date of the next scheduled key rotation. A new key version will be created automatically on this date.
  • Protection level: HSM, EKM or software-backed key.
  • Purpose: The scenario in which the key may be used.
  • Labels: Labels applied on the key.

Limitations

  • The key ring tab can display at most 1,000 resources (including key rings, keys, and key versions) per location. If you have more than 1,000 resources of any type in a single location, you can use the keyRings.list API to view key rings for a given project resource and location.
  • The key inventory tab can display at most 20,000 resources (including key rings, keys, and key versions) per project. If you have more than 20,000 resources of any type in a single project, you can use the keyRings.cryptoKeys.list API to view keys for a given project resource, location, and key ring.
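
When a project exceeds these display limits, the list APIs return results in pages that must be followed with nextPageToken. The following is an added example, not code from this documentation: it walks a paginated cryptoKeys list response and derives the Status column described above for symmetric keys. The fetch_page callable, fake_fetch, and the project, key ring, and key names are constructed assumptions so that the sample runs offline.

```python
API = "https://cloudkms.googleapis.com/v1"

def list_all(fetch_page, parent, collection, page_size=2):
    """Yield every item under parent/collection, following nextPageToken."""
    token = None
    while True:
        params = {"pageSize": page_size}
        if token:
            params["pageToken"] = token
        page = fetch_page(f"{API}/{parent}/{collection}", params)
        yield from page.get(collection, [])
        token = page.get("nextPageToken")
        if not token:  # last page: no token returned
            return

def inventory_row(key):
    """Map a CryptoKey resource to key inventory columns."""
    parts = key["name"].split("/")  # projects/P/locations/L/keyRings/R/cryptoKeys/K
    row = {"key": parts[7], "key_ring": parts[5], "location": parts[3],
           "purpose": key.get("purpose"),
           "protection": key.get("versionTemplate", {}).get("protectionLevel"),
           "rotation": key.get("rotationPeriod"),  # None: no rotation schedule
           "next_rotation": key.get("nextRotationTime"),
           "status": None}  # status applies to symmetric keys only
    if key.get("purpose") == "ENCRYPT_DECRYPT":
        # A disabled or missing primary version makes the key unavailable.
        enabled = key.get("primary", {}).get("state") == "ENABLED"
        row["status"] = "Available" if enabled else "Unavailable"
    return row

# Constructed sample: a cryptoKeys list response split across two pages.
RING = "projects/example-project/locations/us-east1/keyRings/example-ring"
PAGES = {
    None: {"cryptoKeys": [
        {"name": RING + "/cryptoKeys/app-data", "purpose": "ENCRYPT_DECRYPT",
         "primary": {"state": "ENABLED"}, "rotationPeriod": "7776000s",
         "nextRotationTime": "2030-01-01T00:00:00Z",
         "versionTemplate": {"protectionLevel": "HSM"}},
        {"name": RING + "/cryptoKeys/legacy", "purpose": "ENCRYPT_DECRYPT",
         "primary": {"state": "DISABLED"},
         "versionTemplate": {"protectionLevel": "SOFTWARE"}}],
        "nextPageToken": "page-2"},
    "page-2": {"cryptoKeys": [
        {"name": RING + "/cryptoKeys/signer", "purpose": "ASYMMETRIC_SIGN",
         "versionTemplate": {"protectionLevel": "SOFTWARE"}}]},
}

def fake_fetch(url, params):  # stands in for an authenticated GET
    return PAGES[params.get("pageToken")]

def demo_inventory():
    return [inventory_row(k) for k in list_all(fake_fetch, RING, "cryptoKeys")]
```

Against the live API, fetch_page would issue an authenticated GET with an identity that holds the list permissions named at the top of this page. Rows whose rotation value is None are keys with no rotation schedule and are worth reviewing.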