Cloud Key Management Service (KMS) API

Manages encryption for your cloud services the same way you do on-premises. You can generate, use, rotate, and destroy AES256 encryption keys.

Service: cloudkms.googleapis.com

All URIs below are relative to https://cloudkms.googleapis.com

This service provides the following discovery document:

REST Resource: v1.projects.locations

Methods
get GET /v1/{name=projects/*/locations/*}
Gets information about a location.
list GET /v1/{name=projects/*}/locations
Lists information about the supported locations for this service.

REST Resource: v1.projects.locations.keyRings

Methods
create POST /v1/{parent=projects/*/locations/*}/keyRings
Create a new KeyRing in a given Project and Location.
get GET /v1/{name=projects/*/locations/*/keyRings/*}
Returns metadata for a given KeyRing.
getIamPolicy GET /v1/{resource=projects/*/locations/*/keyRings/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*/locations/*}/keyRings
Lists KeyRings.
setIamPolicy POST /v1/{resource=projects/*/locations/*/keyRings/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/locations/*/keyRings/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1.projects.locations.keyRings.cryptoKeys

Methods
create POST /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys
Create a new CryptoKey within a KeyRing.
decrypt POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt
Decrypts data that was protected by Encrypt.
encrypt POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt
Encrypts data, so that it can only be recovered by a call to Decrypt.
get GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}
Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
getIamPolicy GET /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys
Lists CryptoKeys.
patch PATCH /v1/{cryptoKey.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}
Update a CryptoKey.
setIamPolicy POST /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
updatePrimaryVersion POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion
Update the version of a CryptoKey that will be used in Encrypt

REST Resource: v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions

Methods
create POST /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions
Create a new CryptoKeyVersion in a CryptoKey.
destroy POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy
Schedule a CryptoKeyVersion for destruction.
get GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}
Returns metadata for a given CryptoKeyVersion.
list GET /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions
Lists CryptoKeyVersions.
patch PATCH /v1/{cryptoKeyVersion.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}
Update a CryptoKeyVersion's metadata.
restore POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED, state.
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud KMS Documentation