Cloud Key Management Service documentation
Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.
With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.
Start your proof of concept with $300 in free credit
- Get access to Gemini 2.0 Flash Thinking
- Free monthly usage of popular products, including AI APIs and BigQuery
- No automatic charges, no commitment
Keep exploring with 20+ always-free products
Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.
Documentation resources
Guides
Resources
Related resources
Encrypt and decrypt data with KMS
This tutorial teaches you how to encrypt and decrypt data using symmetric Cloud KMS keys.
Security in Google Cloud
Explore and deploy the components of a secure Google Cloud solution through hands on labs. Learn best practices for securing applications and data and mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.
Getting started with KMS
In this lab you'll learn how to use some advanced features of Google Cloud Security and Privacy APIs, including: setting up a secure Cloud Storage bucket, managing keys and encrypted data, and viewing Cloud Storage audit logs.
Tokenizing sensitive cardholder data for PCI DSS
Shows how to set up an access-controlled credit and debit card tokenization service on Cloud Functions. To set up the service, the article uses IAM, Cloud KMS, and Datastore.
PCI Data Security Standard Compliance
Learn how to implement the Payment Card Industry Data Security Standard (PCI DSS) for your business on Google Cloud.
Python samples
Python code samples and snippets
Node.js samples
A robust set of Node.js samples.
Go samples
A list of Go samples
.NET samples
Samples for .NET and KMS.
PHP samples
PHP code samples for KMS
Ruby samples
Ruby samples for KMS