Explore

Cloud KMS

Cloud Key Management Service (Cloud KMS) lets you create and manage cryptographic keys for use in compatible Google Cloud services and in your own applications. Using Cloud KMS, you can do the following:

Generate software or hardware keys, import existing keys into Cloud KMS, or link external keys in your

compatible external key management (EKM) system⁠

Use customer-managed encryption keys (CMEKs) in Google Cloud products with

CMEK integration⁠

. CMEK integrations use your Cloud KMS keys to encrypt or "wrap" your data encryption keys (DEKs). Wrapping DEKs with key encryption keys (KEKs) is called

envelope encryption⁠

Use

Cloud KMS Autokey⁠

to automate provisioning and assignment. With Autokey, you don't need to provision key rings, keys, and service accounts ahead of time. Instead, they are generated on demand as part of resource creation.

Use Cloud KMS keys for encryption and decryption operations. For example, you can use the Cloud KMS API or client libraries to use your Cloud KMS keys for

client-side encryption⁠

Use Cloud KMS keys to create or verify

digital signatures⁠

message authentication code (MAC) signatures⁠

Ref:

Cloud Key Management Service overview | Cloud KMS Documentation | Google Cloud⁠

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.