KMS locations

Within a project, Key Management Service resources can be created in one of many locations. These represent the geographical regions where requests to KMS regarding a given resource are handled, and where the corresponding cryptographic keys are stored. You should consider the network performance implications of the Location you choose to host KMS resources.

Types of locations for KMS

There are four types of locations where you can create KMS resources.

  • Regional locations: A regional location consists of zones in a specific geographical place, such as Iowa.

  • Dual-regional locations: A dual-regional location consists of zones in two specific geographical places, such as Iowa and South Carolina.

  • Multi-regional locations: A multi-regional location consists of zones spread across a general geographical area, such as the United States.

  • The global location: There is a special location for KMS resources called "global". When created in the global location, your KMS resources are available from zones spread around the world.

Interactions with resources in a location close to you are more likely to be fast and reliable. Choose a specific region if the users and services that depend on a KMS resource are geographically concentrated. Remember that users and services who are far away from the location chosen may experience higher latency.

When you use dual-regional locations, multi-regional locations, or the global location, read operations, like keyRings.list will be served by a data center close to the requesting user or service. However, write operations, like keyRings.create, must propagate to multiple data centers when performed on multi-region or global resources, and will be slower as a result. If your usage of KMS involves many read operations from users and services around the world, or involves very few write operations, consider creating dual-region, multi-region, or global resources.

Regional locations

KMS resources can be created in the following regional locations:

Region name Region description Cloud HSM available
Asia Pacific
asia-east1 Taiwan Yes
asia-east2 Hong Kong Yes
asia-northeast1 Tokyo Yes
asia-northeast2 Osaka Yes
asia-south1 Mumbai Yes
asia-southeast1 Singapore Yes
australia-southeast1 Sydney Yes
Europe
europe-north1 Finland Yes
europe-west1 Belgium Yes
europe-west2 London Yes
europe-west3 Frankfurt Yes
europe-west4 Netherlands Yes
europe-west6 Zürich Yes
North America
northamerica-northeast1 Montréal Yes
us-central1 Iowa Yes
us-east1 South Carolina Yes
us-east4 Northern Virginia Yes
us-west1 Oregon Yes
us-west2 Los Angeles Yes
South America
southamerica-east1 São Paulo Yes

Dual-regional locations

KMS resources can be created in the following dual-regional locations:

Dual-region name Dual-region description Cloud HSM available
eur4 Finland and Netherlands No
nam4 Iowa and South Carolina No

Multi-regional locations

KMS resources can be created in the following multi-regional locations:

Multi-region name Multi-region description Cloud HSM available
asia Asia Pacific Yes
europe Europe Yes
us United States Yes

Determining available regions

gcloud

gcloud kms locations list

In the output from the command, the HSM_AVAILABLE column indicates whether the location supports Cloud HSM.

API

Use the Locations.get and Locations.list methods.

The response from these methods contains an hsmAvailable field. The hsmAvailable field is a bool that indicates whether the location supports Cloud HSM.

More about locations

  • For more information about building applications to meet your latency, availability and durability requirements, see Geography and Regions.
  • For more information about Google Cloud locations and data centers, see Cloud Locations.
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud KMS Documentation