Google Cloud
Why Google
  • Groundbreaking solutions. Transformative know-how.
  • Whether your business is early in its journey or well on its way to digital transformation, Google Cloud's solutions and technologies help chart a path to success.
  • Learn more
  • Why Google Cloud
  • Choosing Google Cloud
    Reasons why people choose us
  • Trust and security
    Keep your data secure and compliant
  • Open cloud
    Scale with open, flexible technology
  • Global infrastructure
    Build on the same infrastructure Google uses
  • Analyst reports
    See how Google Cloud ranks
  • Customer stories
    Learn how businesses use Google Cloud
  • Partners
    Tap into our global ecosystem of cloud experts
  • Google Cloud Blog
    Read the latest stories and product updates
  • Events
    Join events and learn more about Google Cloud
Solutions
  • By technology
  •
  • Infrastructure Modernization
  • VM Migration
  • SAP
  • more
  • Data Management
  • Database Services
  • Database Migration
  • more
  • Application Modernization
  • Anthos
  • Serverless
  • DevOps
  • more
  • Smart Analytics
  • Data Warehouse Modernization
  • Data Lake Modernization
  • more
  • Artificial Intelligence
  • Contact Center AI
  • Document AI
  • more
  • Security
  • Security Analytics & Ops
  • Application Security
  • more
  • Productivity & Collaboration
  • Work Transformation
  • Chrome Enterprise
  • more
  • By industry
  • Retail
  • Financial Services
  • Healthcare & Life Sciences
  • Media & Entertainment
  • Telecommunications
  • Gaming
  • Manufacturing
  • Energy
  • Government
  • Education
  • Small Businesses
  • See all solutions
Products
  • Google Cloud Platform
  •
  • AI and Machine Learning
  • Speech-to-Text
  • Vision
  • Translation
  • More
  • API Management
  • Apigee API Platform
  • Cloud Endpoints
  • More
  • Compute
  • Compute Engine
  • Cloud GPUs
  • More
  • Hybrid and Multi-cloud
  • Anthos
  • Migrate for Anthos
  • GKE
  • More
  • Data Analytics
  • BigQuery
  • Looker
  • More
  • Databases
  • Cloud SQL
  • Cloud Firestore
  • More
  • Developer Tools
  • Cloud Build
  • Cloud Code
  • Cloud SDK
  • More
  • Migration
  • Data Transfer
  • VM Migration
  • More
  • Networking
  • DNS
  • CDN
  • Virtual Private Cloud
  • More
  • Security and Identity
  • Shielded VMs
  • Cloud IAM
  • More
  • Serverless Computing
  • Cloud Run
  • App Engine
  • Cloud Functions
  • More
  • Storage
  • Cloud Storage
  • Persistent Disk
  • More
  • More Cloud Products
  • G Suite
    Gmail, Docs, Drive, Hangouts, and more
  • Google Maps Platform
    Build with real-time, comprehensive data
  • Cloud Identity
    Easily manage user identities
  • Chrome Enterprise
    Get Chrome OS devices and browser
  • Android Enterprise
    Intelligent devices, OS, and business apps
  • See all products (100+)
Pricing
  • Do more for less with Google Cloud
  • Our customer-friendly pricing means more overall value to your business.
  • Contact sales
  • Google Cloud Platform
  • Overview
    Pay only for what you use with no lock-in
  • Price list
    Pricing details on each GCP product
  • Calculators
    Calculate your cloud savings
  • Free on GCP
    Learn and build on GCP for free
  • More Cloud Products
  • G Suite
  • Google Maps Platform
  • Cloud Identity
  • Apigee
  • Firebase
  • Zync Render
Getting started
  • Get started with Google Cloud
  • Start building right away on our secure, intelligent platform. New customers can use a $300 free credit to get started with any GCP product.
  • Try GCP Free
  • Get Started
  • Resources to Start on Your Own
  • Quickstarts
    View short tutorials to help you get started
  • GCP Marketplace
    Deploy ready-to-go solutions in a few clicks
  • Training
    Enroll in on-demand or classroom training
  • Certification
    Become Google Cloud Certified
  • Get Help from an Expert
  • Consulting
    Jump-start your project with help from Google
  • Technical Account Management
    Get long-term guidance from Google
  • Find a Partner
    Work with a Partner in our global network
  • Become a Partner
    Join Google Cloud's Partner program
  • More ways to get started
Docs Support
Docs Support
  • Security & Identity Products
Guides Reference Support Resources
Contact Sales Get started for free
Google Cloud
  • Why Google
    • More
  • Solutions
    • More
  • Products
    • More
  • Pricing
    • More
  • Getting started
    • More
  • Docs
    • Guides
    • Reference
    • Support
    • Resources
  • Support
  • Console
  • Contact Sales
  • Get started for free
  • Cloud KMS
  • Documentation
  • Product overview
  • Quickstart
  • How-to guides
  • All how-to guides
  • Accessing the API
  • Managing keys and key versions
  • Creating symmetric keys
  • Creating asymmetric keys
  • Labeling a key
  • Enabling and disabling a key version
  • Destroying and restoring a key version
  • Rotating a key
  • Retrieving a public key
  • Importing keys
    • Preparing a key for import
      • Formatting keys for import
      • Including the Pyca cryptography library
      • Manually wrapping a key
        • Configuring OpenSSL for manual key wrapping
        • Wrapping a key using OpenSSL
    • Importing a key
    • Verifying an imported key
    • Troubleshooting failed imports
  • Encrypting and decrypting data
  • Encrypting and decrypting data with a symmetric key
  • Encrypting and decrypting data with an asymmetric key
  • Re-encrypting data
  • Encrypting application data
  • Signing and validating data
  • Creating and validating signatures
  • Cloud HSM
  • Using Cloud HSM
  • Cloud HSM attestations
  • Attesting a Cloud HSM key
  • Cloud EKM
  • Cloud EKM overview
  • Managing external keys
  • Integrating Cloud KMS with other products
  • Using Cloud KMS with other products
  • Sorting and filtering list results
  • Using IAM
  • Using Cloud Audit Logging
  • Using gRPC
  • Using Stackdriver Monitoring
  • Concepts
  • All concepts
  • Object hierarchy
  • Key purposes and algorithms
  • Key states
  • Symmetric key rotation
  • Asymmetric key rotation
  • Key import
  • Separation of duties
  • Additional authenticated data
  • Envelope encryption
  • Asymmetric encryption
  • Digital signatures
  • Key wrapping
  • Customer-managed encryption keys (CMEK)
  • Resource consistency
  • Locations
  • Tutorials
  • All tutorials
  • Encrypting data at rest
  • Groundbreaking solutions. Transformative know-how.
  • Learn more
  • Why Google Cloud
  • Choosing Google Cloud
  • Trust and security
  • Open cloud
  • Global infrastructure
  • Analyst reports
  • Customer stories
  • Partners
  • Google Cloud Blog
  • Events
  • By technology
  • Infrastructure Modernization
  • VM Migration
  • SAP
  • more
  • Data Management
  • Database Services
  • Database Migration
  • more
  • Application Modernization
  • Anthos
  • Serverless
  • DevOps
  • more
  • Smart Analytics
  • Data Warehouse Modernization
  • Data Lake Modernization
  • more
  • Artificial Intelligence
  • Contact Center AI
  • Document AI
  • more
  • Security
  • Security Analytics & Ops
  • Application Security
  • more
  • Productivity & Collaboration
  • Work Transformation
  • Chrome Enterprise
  • more
  • By industry
  • Retail
  • Financial Services
  • Healthcare & Life Sciences
  • Media & Entertainment
  • Telecommunications
  • Gaming
  • Manufacturing
  • Energy
  • Government
  • Education
  • Small Businesses
  • See all solutions
  • Google Cloud Platform
  • AI and Machine Learning
  • Speech-to-Text
  • Vision
  • Translation
  • More
  • API Management
  • Apigee API Platform
  • Cloud Endpoints
  • More
  • Compute
  • Compute Engine
  • Cloud GPUs
  • More
  • Hybrid and Multi-cloud
  • Anthos
  • Migrate for Anthos
  • GKE
  • More
  • Data Analytics
  • BigQuery
  • Looker
  • More
  • Databases
  • Cloud SQL
  • Cloud Firestore
  • More
  • Developer Tools
  • Cloud Build
  • Cloud Code
  • Cloud SDK
  • More
  • Migration
  • Data Transfer
  • VM Migration
  • More
  • Networking
  • DNS
  • CDN
  • Virtual Private Cloud
  • More
  • Security and Identity
  • Shielded VMs
  • Cloud IAM
  • More
  • Serverless Computing
  • Cloud Run
  • App Engine
  • Cloud Functions
  • More
  • Storage
  • Cloud Storage
  • Persistent Disk
  • More
  • More Cloud Products
  • G Suite
  • Google Maps Platform
  • Cloud Identity
  • Chrome Enterprise
  • Android Enterprise
  • See all products (100+)
  • Do more for less with Google Cloud
  • Contact sales
  • Google Cloud Platform
  • Overview
  • Price list
  • Calculators
  • Free on GCP
  • More Cloud Products
  • G Suite
  • Google Maps Platform
  • Cloud Identity
  • Apigee
  • Firebase
  • Zync Render
  • Get started with Google Cloud
  • Try GCP Free
  • Get Started
  • Resources to Start on Your Own
  • Quickstarts
  • GCP Marketplace
  • Training
  • Certification
  • Get Help from an Expert
  • Consulting
  • Technical Account Management
  • Find a Partner
  • Become a Partner
  • More ways to get started
  • Home
  • Docs
  • Security & Identity Products
  • Cloud Key Management Service
  • Documentation

Tutorials

  • Encrypting data at rest

    Encrypt data in a Cloud Storage bucket at the application layer using Cloud Key Management Service.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

  • Why Google

    • Choosing Google Cloud
    • Trust and security
    • Open cloud
    • Global infrastructure
    • Customers and case studies
    • Analyst reports
    • Whitepapers

  • Products and pricing

    • GCP pricing
    • G Suite pricing
    • Maps Platform pricing
    • See all products

  • Solutions

    • Infrastructure modernization
    • Data management
    • Application modernization
    • Smart analytics
    • Artificial Intelligence
    • Security
    • Productivity & work transformation
    • Industry solutions
    • DevOps solutions
    • Small business solutions
    • See all solutions

  • Resources

    • GCP documentation
    • GCP quickstarts
    • Google Cloud Marketplace
    • G Suite Marketplace
    • Support
    • Tutorials
    • Training
    • Certifications
    • Google Developers
    • Google Cloud for Startups
    • System status
    • Release Notes

  • Engage

    • Contact sales
    • Find a Partner
    • Become a Partner
    • Blog
    • Events
    • Podcast
    • Community
    • Press center
    • Google Cloud on YouTube
    • GCP on YouTube
    • G Suite on YouTube
    • Follow on Twitter
    • Join User Research
    • We're hiring. Join Google Cloud!
  • About Google
  • Privacy
  • Site terms
  • Google Cloud terms
  • Sign up for the Google Cloud newsletter Subscribe