Method: locations.generateRandomBytes

Full name: projects.locations.generateRandomBytes

Generate random bytes using the Cloud KMS randomness source in the provided location.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".

Request body

The request body contains data with the following structure:

JSON representation
  "lengthBytes": integer,
  "protectionLevel": enum (ProtectionLevel)


The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.


enum (ProtectionLevel)

The ProtectionLevel to use when generating the random data. Currently, only HSM protection level is supported.

Response body

If successful, the response body contains data with the following structure:

Response message for KeyManagementService.GenerateRandomBytes.

JSON representation
  "data": string,
  "dataCrc32c": string

string (bytes format)

The generated data.

A base64-encoded string.


string (Int64Value format)

Integrity verification field. A CRC32C checksum of the returned An integrity check of can be performed by computing the CRC32C checksum of and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Authorization Scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.