Cloud Key Management Service (KMS) API

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.


The Service name is needed to create RPC client stubs.

CreateEkmConnection Creates a new EkmConnection in a given Project and Location.
GetEkmConnection Returns metadata for a given EkmConnection.
ListEkmConnections Lists EkmConnections.
UpdateEkmConnection Updates an EkmConnection's metadata.

AsymmetricDecrypt Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
AsymmetricSign Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
CreateCryptoKey Create a new CryptoKey within a KeyRing.
CreateCryptoKeyVersion Create a new CryptoKeyVersion in a CryptoKey.
CreateImportJob Create a new ImportJob within a KeyRing.
CreateKeyRing Create a new KeyRing in a given Project and Location.
Decrypt Decrypts data that was protected by Encrypt.
DestroyCryptoKeyVersion Schedule a CryptoKeyVersion for destruction.
Encrypt Encrypts data, so that it can only be recovered by a call to Decrypt.
GenerateRandomBytes Generate random bytes using the Cloud KMS randomness source in the provided location.
GetCryptoKey Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
GetCryptoKeyVersion Returns metadata for a given CryptoKeyVersion.
GetImportJob Returns metadata for a given ImportJob.
GetKeyRing Returns metadata for a given KeyRing.
GetPublicKey Returns the public key for the given CryptoKeyVersion.
ImportCryptoKeyVersion Import wrapped key material into a CryptoKeyVersion.
ListCryptoKeyVersions Lists CryptoKeyVersions.
ListCryptoKeys Lists CryptoKeys.
ListImportJobs Lists ImportJobs.
ListKeyRings Lists KeyRings.
MacSign Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
MacVerify Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
RestoreCryptoKeyVersion Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
UpdateCryptoKey Update a CryptoKey.
UpdateCryptoKeyPrimaryVersion Update the version of a CryptoKey that will be used in Encrypt.
UpdateCryptoKeyVersion Update a CryptoKeyVersion's metadata.

GetLocation Gets information about a location.
ListLocations Lists information about the supported locations for this service.


GetIamPolicy Gets the access control policy for a resource.
SetIamPolicy Sets the access control policy on the specified resource.
TestIamPermissions Returns permissions that a caller has on the specified resource.