Cloud Key Management Service (KMS) API

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.


The Service name is needed to create RPC client stubs.

AsymmetricDecrypt Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
AsymmetricSign Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
CreateCryptoKey Create a new CryptoKey within a KeyRing.
CreateCryptoKeyVersion Create a new CryptoKeyVersion in a CryptoKey.
CreateImportJob Create a new ImportJob within a KeyRing.
CreateKeyRing Create a new KeyRing in a given Project and Location.
Decrypt Decrypts data that was protected by Encrypt.
DestroyCryptoKeyVersion Schedule a CryptoKeyVersion for destruction.
Encrypt Encrypts data, so that it can only be recovered by a call to Decrypt.
GetCryptoKey Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
GetCryptoKeyVersion Returns metadata for a given CryptoKeyVersion.
GetImportJob Returns metadata for a given ImportJob.
GetKeyRing Returns metadata for a given KeyRing.
GetPublicKey Returns the public key for the given CryptoKeyVersion.
ImportCryptoKeyVersion Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.
ListCryptoKeyVersions Lists CryptoKeyVersions.
ListCryptoKeys Lists CryptoKeys.
ListImportJobs Lists ImportJobs.
ListKeyRings Lists KeyRings.
RestoreCryptoKeyVersion Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
UpdateCryptoKey Update a CryptoKey.
UpdateCryptoKeyPrimaryVersion Update the version of a CryptoKey that will be used in Encrypt.
UpdateCryptoKeyVersion Update a CryptoKeyVersion's metadata.

GetLocation Gets information about a location.
ListLocations Lists information about the supported locations for this service.


GetIamPolicy Gets the access control policy for a resource.
SetIamPolicy Sets the access control policy on the specified resource.
TestIamPermissions Returns permissions that a caller has on the specified resource.