All Cloud KMS code samples

Stay organized with collections Save and categorize content based on your preferences.

This page contains code samples for Cloud Key Management Service. To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.

Add a rotation schedule to an existing key

Add a rotation schedule to an existing key.

View in documentation

Add an IAM member to a resource

Add an IAM member to a resource.

Check an import job

Check the state of an import job in Cloud KMS.

View in documentation

Check import job

Check the state of an import job in Cloud KMS.

View in documentation

Configure automatic key rotation

Configure an automatic key rotation schedule.

Create a Cloud KMS HMAC key

Create a new key in Cloud KMS for HMAC operations.

Create a key for import

Set up an empty key for importing your own crypto key.

View in documentation

Create a key with labels

When creating a key, you can add labels by providing one or more key-value pairs as labels when you create your key.

View in documentation

Create a MAC signature

Sign a message using the public key part of an asymmetric key.

Create a new key version

Create a new version of the given key.

View in documentation

Create a symmetric key

Create a new symmetric encryption/decryption key in Cloud KMS.

View in documentation

Create an asymmetric decryption key

Create an asymmetric decryption key.

View in documentation

Create an asymmetric signing key

Create an asymmetric signing key.

View in documentation

Create an HSM key

Create a Cloud HSM key on the specified key ring and location.

View in documentation

Create an import job

Create a new import job in Cloud KMS.

View in documentation

Decrypt with a symmetric key

Decrypt the ciphertext by using the symmetric key.

Decrypt with an asymmetric key

Decrypt the ciphertext by using an asymmetric key.

Destroy a key version

Schedule the destruction of the given key version.

Encrypt with a symmetric key

Encrypt plaintext by using a symmetric key.

Encrypt with an asymmetric key

Encrypt plaintext using the public key portion of an asymmetric key.

Get a key and its labels

Get a key and its labels.

View in documentation

Get a key version's attestation

Get an HSM-backend key's attestation.

Get random bytes from an HSM

Retrieve random bytes from the random number generator in Cloud HSM.

View in documentation

Get the IAM policy for a resource

Get the IAM policy for a resource.

View in documentation

Get the public key for an asymmetric key

Get the public key for an asymmetric key.

View in documentation

Import a manually wrapped key

Import a key into Cloud KMS that you have wrapped manually.

View in documentation

Remove a rotation schedule from an existing key

Remove a rotation schedule from an existing key.

View in documentation

Remove an IAM member from a resource

Remove an IAM member from a resource.

View in documentation

Remove labels from an existing key

Remove labels from an existing key.

View in documentation

Restore a key version scheduled for destruction

Restore a key version that is scheduled for destruction.

Retrieve an asymmetric signature

Get an asymmetric signature of the SHA-256 hash of an input message using the KMS API.

Update labels on an existing key

Update labels on an existing key.

View in documentation

Update the primary version of a key

Update the primary version of a key.

View in documentation

Verify a certificate chain

Get a manufacturer certificate chain and verify the attestation.

Verify a MAC signature

Verify the signature of data from an HMAC key.

Verify an asymmetric signature of an EC key

Verify the signature of a message signed with an asymmetric EC key.

Verify asymmetric signature of an RSA key

Verify the signature of a message signed with an asymmetric RSA key.