Cloud Key Management Service documentation
Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.
With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.
Start your proof of concept with $300 in free credit
- Get access to Gemini 2.0 Flash Thinking
- Free monthly usage of popular products, including AI APIs and BigQuery
- No automatic charges, no commitment
Keep exploring with 20+ always-free products
Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.
Documentation resources
Guides
-
Quickstart: Create encryption keys with Cloud KMS
-
Encrypting and decrypting data with a symmetric key
-
Encrypting and decrypting data with an asymmetric key
-
Cloud HSM
-
Creating symmetric keys
-
Cloud External Key Manager
-
Importing a key into Cloud KMS
-
Retrieving a public key
-
Destroying and restoring key versions
-