Within a project, Cloud KMS resources can be created in one of many
locations. These represent the geographical regions where
requests to Cloud KMS regarding a given resource are handled, and
where the corresponding cryptographic keys are stored. You should consider the
network performance implications of the
Location you choose to host
Cloud KMS resources.
Types of locations for Cloud KMS
There are three types of locations where you can create Cloud KMS resources.
Regional locations: A regional location consists of zones in a specific geographical place, such as Iowa.
Multi-regional locations: A multi-regional location consists of zones spread across a general geographical area, such as the United States.
The global location: There is a special location for Cloud KMS resources called "global". When created in the global location, your Cloud KMS resources are available from zones spread around the world.
Interactions with resources in a location close to you are more likely to be fast and reliable. Choose a specific region if the users and services that depend on a Cloud KMS resource are geographically concentrated. Remember that users and services who are far away from the location chosen may experience higher latency.
When you use multi-regional locations or the global location, read operations,
will be served by a data center close to the requesting user or service.
However, write operations, like
must propagate to multiple data centers when performed on multi-region or
global resources, and will be slower as a result. If your usage of
Cloud KMS involves many read operations from users and services
around the world, or involves very few write operations, consider creating
multi-region or global resources.
Cloud KMS resources can be created in the following regional locations:
|Region Name||Region Description|
Cloud KMS resources can be created in the following multi-regional locations:
|Multi-Region Name||Multi-Region Description|
Supported regions for Cloud HSM
During the Cloud HSM beta release, Cloud HSM resources can be created in the following regional locations:
You can use the
to determine if a location supports Cloud HSM. The response from these methods
hsmAvailable field is a
bool that indicates whether the location
supports hardware security modules.