Cloud Key Management Service documentation

Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.

With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data.

Go to the Cloud Key Management Service product page for more.

Start your proof of concept with 300ドル in free credit

  • Get access to Gemini 2.0 Flash Thinking
  • Free monthly usage of popular products, including AI APIs and BigQuery
  • No automatic charges, no commitment

Keep exploring with 20+ always-free products

Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.

Explore self-paced training, use cases, reference architectures, and code samples with examples of how to use and connect Google Cloud services.
Training
Training and tutorials

Encrypt and decrypt data with KMS

This tutorial teaches you how to encrypt and decrypt data using symmetric Cloud KMS keys.

Training
Training and tutorials

Security in Google Cloud

Explore and deploy the components of a secure Google Cloud solution through hands on labs. Learn best practices for securing applications and data and mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

Training
Training and tutorials

Getting started with KMS

In this lab you'll learn how to use some advanced features of Google Cloud Security and Privacy APIs, including: setting up a secure Cloud Storage bucket, managing keys and encrypted data, and viewing Cloud Storage audit logs.

Use case
Use cases

Tokenizing sensitive cardholder data for PCI DSS

Shows how to set up an access-controlled credit and debit card tokenization service on Cloud Functions. To set up the service, the article uses IAM, Cloud KMS, and Datastore.

PCI DSS Functions Datastore

Use case
Use cases

PCI Data Security Standard Compliance

Learn how to implement the Payment Card Industry Data Security Standard (PCI DSS) for your business on Google Cloud.

PCI DSS Compliance Security

Code sample
Code Samples

Python samples

Python code samples and snippets

Code sample
Code Samples

Node.js samples

A robust set of Node.js samples.

Code sample
Code Samples

Go samples

A list of Go samples

Code sample
Code Samples

.NET samples

Samples for .NET and KMS.

Code sample
Code Samples

PHP samples

PHP code samples for KMS

Code sample
Code Samples

Ruby samples

Ruby samples for KMS

Related videos

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月06日 UTC.