Cloud Key Management Service (KMS) API

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.

Service: cloudkms.googleapis.com

All URIs below are relative to https://cloudkms.googleapis.com

This service provides the following discovery document:

REST Resource: v1.projects.locations

Methods
get GET /v1/{name=projects/*/locations/*}
Gets information about a location.
list GET /v1/{name=projects/*}/locations
Lists information about the supported locations for this service.

REST Resource: v1.projects.locations.keyRings

Methods
create POST /v1/{parent=projects/*/locations/*}/keyRings
Create a new KeyRing in a given Project and Location.
get GET /v1/{name=projects/*/locations/*/keyRings/*}
Returns metadata for a given KeyRing.
getIamPolicy GET /v1/{resource=projects/*/locations/*/keyRings/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*/locations/*}/keyRings
Lists KeyRings.
setIamPolicy POST /v1/{resource=projects/*/locations/*/keyRings/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/locations/*/keyRings/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1.projects.locations.keyRings.cryptoKeys

Methods
create POST /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys
Create a new CryptoKey within a KeyRing.
decrypt POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt
Decrypts data that was protected by Encrypt.
encrypt POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt
Encrypts data, so that it can only be recovered by a call to Decrypt.
get GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}
Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
getIamPolicy GET /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys
Lists CryptoKeys.
patch PATCH /v1/{cryptoKey.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}
Update a CryptoKey.
setIamPolicy POST /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
updatePrimaryVersion POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion
Update the version of a CryptoKey that will be used in Encrypt.

REST Resource: v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions

Methods
asymmetricDecrypt POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
asymmetricSign POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
create POST /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions
Create a new CryptoKeyVersion in a CryptoKey.
destroy POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy
Schedule a CryptoKeyVersion for destruction.
get GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}
Returns metadata for a given CryptoKeyVersion.
getPublicKey GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey
Returns the public key for the given CryptoKeyVersion.
list GET /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions
Lists CryptoKeyVersions.
patch PATCH /v1/{cryptoKeyVersion.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}
Update a CryptoKeyVersion's metadata.
restore POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud KMS Documentation