<!doctype html> <html lang="en" dir="ltr"> <head> <meta name="google-signin-client-id" content="721724668570-nbkv1cfusk7kk4eni4pjvepaus73b13t.apps.googleusercontent.com"> <meta name="google-signin-scope" content="profile email https://www.googleapis.com/auth/developerprofiles https://www.googleapis.com/auth/developerprofiles.award https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/webhistory"> <meta property="og:site_name" content="Google Cloud"> <meta property="og:type" content="website"><meta name="theme-color" content="#039be5"><meta charset="utf-8"> <meta content="IE=Edge" http-equiv="X-UA-Compatible"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="manifest" href="/_pwa/cloud/manifest.json" crossorigin="use-credentials"> <link rel="preconnect" href="//www.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.googleapis.com" crossorigin> <link rel="preconnect" href="//apis.google.com" crossorigin> <link rel="preconnect" href="//www.google-analytics.com" crossorigin><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Google+Sans:400,500,700|Google+Sans+Text:400,400italic,500,500italic,700,700italic|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"> <link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Material+Icons&family=Material+Symbols+Outlined&display=block"><link rel="stylesheet" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/css/app.css"> <link rel="shortcut icon" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/favicon.ico"> <link rel="apple-touch-icon" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png"><link rel="canonical" href="https://cloud.google.com/kms/docs/cmek"><link rel="search" type="application/opensearchdescription+xml" title="Google Cloud" href="https://cloud.google.com/s/opensearch.xml"> <link rel="alternate" hreflang="en" href="https://cloud.google.com/kms/docs/cmek" /><link rel="alternate" hreflang="x-default" href="https://cloud.google.com/kms/docs/cmek" /><link rel="alternate" hreflang="zh-Hans" href="https://cloud.google.com/kms/docs/cmek?hl=zh-cn" /><link rel="alternate" hreflang="fr" href="https://cloud.google.com/kms/docs/cmek?hl=fr" /><link rel="alternate" hreflang="de" href="https://cloud.google.com/kms/docs/cmek?hl=de" /><link rel="alternate" hreflang="id" href="https://cloud.google.com/kms/docs/cmek?hl=id" /><link rel="alternate" hreflang="it" href="https://cloud.google.com/kms/docs/cmek?hl=it" /><link rel="alternate" hreflang="ja" href="https://cloud.google.com/kms/docs/cmek?hl=ja" /><link rel="alternate" hreflang="ko" href="https://cloud.google.com/kms/docs/cmek?hl=ko" /><link rel="alternate" hreflang="pt-BR" href="https://cloud.google.com/kms/docs/cmek?hl=pt-br" /><link rel="alternate" hreflang="es-419" href="https://cloud.google.com/kms/docs/cmek?hl=es-419" /><title>Customer-managed encryption keys (CMEK) &nbsp;|&nbsp; Cloud KMS Documentation &nbsp;|&nbsp; Google Cloud</title> <meta property="og:title" content="Customer-managed encryption keys (CMEK) &nbsp;|&nbsp; Cloud KMS Documentation &nbsp;|&nbsp; Google Cloud"><meta property="og:url" content="https://cloud.google.com/kms/docs/cmek"><meta property="og:image" content="https://cloud.google.com/_static/cloud/images/social-icon-google-cloud-1200-630.png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="630"><meta property="og:locale" content="en"><meta name="twitter:card" content="summary_large_image"><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "headline": "Customer-managed encryption keys (CMEK)" } </script><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [{ "@type": "ListItem", "position": 1, "name": "Cloud Key Management Service", "item": "https://cloud.google.com/kms" },{ "@type": "ListItem", "position": 2, "name": "Documentation", "item": "https://cloud.google.com/kms/docs" },{ "@type": "ListItem", "position": 3, "name": "Customer-managed encryption keys (CMEK)", "item": "https://cloud.google.com/kms/docs/cmek" }] } </script> <link href="https://fonts.googleapis.com/css2?family=Google+Symbols" rel="stylesheet" data-page-link> <link rel="stylesheet" href="/extras.css"></head> <body class="" template="page" theme="cloud-theme" type="article" layout="docs" free-trial display-toc pending> <devsite-progress type="indeterminate" id="app-progress"></devsite-progress> <a href="#main-content" class="skip-link button"> Skip to main content </a> <section class="devsite-wrapper"> <devsite-cookie-notification-bar></devsite-cookie-notification-bar><cloudx-track userCountry="SG"></cloudx-track> <cloudx-utils-init></cloudx-utils-init> <devsite-header keep-tabs-visible> <div class="devsite-header--inner nocontent"> <div class="devsite-top-logo-row-wrapper-wrapper"> <div class="devsite-top-logo-row-wrapper"> <div class="devsite-top-logo-row"> <button type="button" id="devsite-hamburger-menu" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Navigation menu button" visually-hidden aria-label="Open menu"> </button> <div class="devsite-product-name-wrapper"> <a href="/" class="devsite-site-logo-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Site logo" track-type="globalNav" track-name="googleCloud" track-metadata-position="nav" track-metadata-eventDetail="nav"> <picture> <img src="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg" class="devsite-site-logo" alt="Google Cloud"> </picture> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item devsite-has-google-wordmark"> </li> </ul> </span> </div> <div class="devsite-top-logo-row-middle"> <div class="devsite-header-upper-tabs"> <cloudx-tabs-nav class="upper-tabs"> <nav class="devsite-tabs-wrapper" aria-label="Upper tabs"> <tab class="devsite-active"> <a href="https://cloud.google.com/docs" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs" track-type="nav" track-metadata-position="nav - docs-home" track-metadata-module="primary nav" aria-label="Documentation, selected" data-category="Site-Wide Custom Events" data-label="Tab: Documentation" track-name="docs-home" track-link-column-type="single-column" > Documentation </a> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/docs/tech-area-overviews" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs/tech-area-overviews" track-type="nav" track-metadata-position="nav - technology-areas" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" > Technology areas </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Technology areas" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/tech-area-overviews" track-metadata-position="nav - technology-areas" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/ai-ml" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/ai-ml" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> AI and ML </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/application-development" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/application-development" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Application development </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/application-hosting" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/application-hosting" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Application hosting </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/compute-area" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/compute-area" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Compute </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/data" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/data" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Data analytics and pipelines </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/databases" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/databases" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Databases </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/dhm-cloud" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/dhm-cloud" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Distributed, hybrid, and multicloud </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/generative-ai" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/generative-ai" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Generative AI </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/industry" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/industry" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Industry solutions </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/networking" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/networking" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Networking </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/observability" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/observability" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Observability and monitoring </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/security" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/security" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Security </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/storage" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/storage" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Storage </div> </a> </li> </ul> </div> </div> </div> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/docs/cross-product-overviews" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs/cross-product-overviews" track-type="nav" track-metadata-position="nav - crossproduct" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" > Cross-product tools </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Cross-product tools" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/cross-product-overviews" track-metadata-position="nav - crossproduct" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/access-resources" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/access-resources" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Access and resources management </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/costs-usage" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/costs-usage" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Costs and usage management </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/devtools" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/devtools" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud SDK, languages, frameworks, and tools </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/iac" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/iac" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Infrastructure as code </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/migration" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/migration" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Migration </div> </a> </li> </ul> </div> </div> </div> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/" track-type="nav" track-metadata-position="nav - related-sites" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" > Related sites </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Related sites" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Home </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/free" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/free" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Free Trial and Free Tier </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/architecture" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/architecture" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Architecture Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/blog" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/blog" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Blog </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/contact" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/contact" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Contact Sales </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/developers" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/developers" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Developer Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://developers.google.com/" track-type="nav" track-metadata-eventdetail="https://developers.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Developer Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://console.cloud.google.com/marketplace" track-type="nav" track-metadata-eventdetail="https://console.cloud.google.com/marketplace" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Marketplace </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/marketplace/docs" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/marketplace/docs" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Marketplace Documentation </div> </a> </li> <li class="devsite-nav-item"> <a href="https://www.cloudskillsboost.google/paths" track-type="nav" track-metadata-eventdetail="https://www.cloudskillsboost.google/paths" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Skills Boost </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/solutions" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/solutions" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Solution Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/support-hub" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/support-hub" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Support </div> </a> </li> <li class="devsite-nav-item"> <a href="https://www.youtube.com/@googlecloudtech" track-type="nav" track-metadata-eventdetail="https://www.youtube.com/@googlecloudtech" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Tech Youtube Channel </div> </a> </li> </ul> </div> </div> </div> </tab> </nav> </cloudx-tabs-nav> </div> <devsite-search enable-signin enable-search enable-suggestions project-name="Cloud KMS Documentation" tenant-name="Google Cloud" project-scope="/kms/docs" url-scoped="https://cloud.google.com/s/results/kms/docs" > <form class="devsite-search-form" action="https://cloud.google.com/s/results" method="GET"> <div class="devsite-search-container"> <button type="button" search-open class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Open search"></button> <div class="devsite-searchbox"> <input aria-activedescendant="" aria-autocomplete="list" aria-label="Search" aria-expanded="false" aria-haspopup="listbox" autocomplete="off" class="devsite-search-field devsite-search-query" name="q" placeholder="Search" role="combobox" type="text" value="" > <div class="devsite-search-image material-icons" aria-hidden="true"> </div> <div class="devsite-search-shortcut-icon-container" aria-hidden="true"> <kbd class="devsite-search-shortcut-icon">/</kbd> </div> </div> </div> </form> <button type="button" search-close class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Close search"></button> </devsite-search> </div> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> <devsite-user enable-profiles fp-auth id="devsite-user"> <span class="button devsite-top-button" aria-hidden="true" visually-hidden>Sign in</span> </devsite-user> </div> </div> </div> <div class="devsite-collapsible-section "> <div class="devsite-header-background"> <div class="devsite-product-id-row" hidden> <div class="devsite-product-description-row"> </div> </div> <div class="devsite-doc-set-nav-row"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item "> <a href="https://cloud.google.com/kms" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Lower Header" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="Cloud Key Management Service" > Cloud Key Management Service </a> </li> </ul> <cloudx-tabs-nav class="lower-tabs"> <nav class="devsite-tabs-wrapper" aria-label="Lower tabs"> <tab > <a href="https://cloud.google.com/kms/docs" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/kms/docs" track-type="nav" track-metadata-position="nav - overview" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Overview" track-name="overview" > Overview </a> </tab> <tab class="devsite-active"> <a href="https://cloud.google.com/kms/docs/key-management-service" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/kms/docs/key-management-service" track-type="nav" track-metadata-position="nav - guides" track-metadata-module="primary nav" aria-label="Guides, selected" data-category="Site-Wide Custom Events" data-label="Tab: Guides" track-name="guides" > Guides </a> </tab> <tab > <a href="https://cloud.google.com/kms/docs/apis" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/kms/docs/apis" track-type="nav" track-metadata-position="nav - reference" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Reference" track-name="reference" > Reference </a> </tab> <tab > <a href="https://cloud.google.com/kms/docs/samples" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/kms/docs/samples" track-type="nav" track-metadata-position="nav - samples" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Samples" track-name="samples" > Samples </a> </tab> <tab > <a href="https://cloud.google.com/kms/docs/resources" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/kms/docs/resources" track-type="nav" track-metadata-position="nav - resources" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Resources" track-name="resources" > Resources </a> </tab> </nav> </cloudx-tabs-nav> <div class="devsite-product-button-row"> <a href="https://cloud.google.com/contact" class="cta-button-secondary button " data-overflow="devsite-tabs-wrapper" track-name="sales" track-type="contact" data-overflow-container="left" data-overflow-wrapper="tab" track-metadata-position="nav" track-metadata-eventDetail="nav" >Contact Us</a> <a href="//console.cloud.google.com/freetrial" class="cloud-free-trial-button cta-button-primary button-primary button cloud-button cloud-button--primary " track-name="gcpCta" data-overflow="devsite-top-logo-row" data-overflow-class="devsite-header-link devsite-top-button button cloud-free-trial-button cloud-free-trial-enabled cloud-button cloud-button--primary" referrerpolicy="no-referrer-when-downgrade" track-metadata-position="nav" track-metadata-eventDetail="nav" data-overflow-container="right" track-type="freeTrial" >Start free</a> </div> </div> </div> </div> </div> </devsite-header> <devsite-book-nav scrollbars > <div class="devsite-book-nav-filter" > <span class="filter-list-icon material-icons" aria-hidden="true"></span> <input type="text" placeholder="Filter" aria-label="Type to filter" role="searchbox"> <span class="filter-clear-button hidden" data-title="Clear filter" aria-label="Clear filter" role="button" tabindex="0"></span> </div> <nav class="devsite-book-nav devsite-nav nocontent" aria-label="Side menu"> <div class="devsite-mobile-header"> <button type="button" id="devsite-close-nav" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close navigation" aria-label="Close navigation"> </button> <div class="devsite-product-name-wrapper"> <a href="/" class="devsite-site-logo-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Site logo" track-type="globalNav" track-name="googleCloud" track-metadata-position="nav" track-metadata-eventDetail="nav"> <picture> <img src="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg" class="devsite-site-logo" alt="Google Cloud"> </picture> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item devsite-has-google-wordmark"> </li> </ul> </span> </div> </div> <div class="devsite-book-nav-wrapper"> <div class="devsite-mobile-nav-top"> <ul class="devsite-nav-list"> <li class="devsite-nav-item"> <a href="/docs" class="devsite-nav-title gc-analytics-event devsite-nav-active" data-category="Site-Wide Custom Events" data-label="Tab: Documentation" track-name="docs-home" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Documentation" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Documentation </span> </a> <ul class="devsite-nav-responsive-tabs"> <li class="devsite-nav-item"> <a href="/kms/docs" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Overview" track-name="overview" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Overview" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Overview </span> </a> </li> <li class="devsite-nav-item"> <a href="/kms/docs/key-management-service" class="devsite-nav-title gc-analytics-event devsite-nav-has-children devsite-nav-active" data-category="Site-Wide Custom Events" data-label="Tab: Guides" track-name="guides" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Guides" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip menu="_book"> Guides </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="_book"> </span> </a> </li> <li class="devsite-nav-item"> <a href="/kms/docs/apis" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Reference" track-name="reference" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Reference" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Reference </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/kms/docs/samples" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Samples" track-name="samples" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Samples" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Samples </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/kms/docs/resources" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Resources" track-name="resources" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Resources" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Resources </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/docs/tech-area-overviews" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Technology areas" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Technology areas </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Technology areas"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Technology areas"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/docs/cross-product-overviews" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Cross-product tools" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Cross-product tools </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Cross-product tools"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Cross-product tools"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Related sites" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Related sites </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Related sites"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Related sites"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="//console.cloud.google.com/" class="devsite-nav-title gc-analytics-event " track-metadata-eventDetail="nav" track-metadata-position="nav" referrerpolicy="no-referrer-when-downgrade" track-name="console" track-type="globalNav" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Console" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Console </span> </a> </li> <li class="devsite-nav-item"> <a href="/contact" class="cta-button-secondary button" data-overflow="devsite-tabs-wrapper" track-name="sales" track-type="contact" data-overflow-container="left" data-overflow-wrapper="tab" track-metadata-position="nav" track-metadata-eventDetail="nav" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Contact Us" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Contact Us </span> </a> </li> <li class="devsite-nav-item"> <a href="//console.cloud.google.com/freetrial" class="cloud-free-trial-button cta-button-primary button-primary button cloud-button cloud-button--primary" track-name="gcpCta" data-overflow="devsite-top-logo-row" data-overflow-class="devsite-header-link devsite-top-button button cloud-free-trial-button cloud-free-trial-enabled cloud-button cloud-button--primary" referrerpolicy="no-referrer-when-downgrade" track-metadata-position="nav" track-metadata-eventDetail="nav" data-overflow-container="right" track-type="freeTrial" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Start free" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Start free </span> </a> </li> </ul> </div> <div class="devsite-mobile-nav-bottom"> <ul class="devsite-nav-list" menu="_book"> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Discover</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/key-management-service" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/key-management-service" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/key-management-service" ><span class="devsite-nav-text" tooltip>Product overview</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Protection levels</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/protection-levels" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/protection-levels" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/protection-levels" ><span class="devsite-nav-text" tooltip>Overview</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/hsm" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/hsm" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/hsm" ><span class="devsite-nav-text" tooltip>Cloud HSM overview</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/ekm" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/ekm" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/ekm" ><span class="devsite-nav-text" tooltip>Cloud EKM overview</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/ekm-architectures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/ekm-architectures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/ekm-architectures" ><span class="devsite-nav-text" tooltip>Reference architectures for Cloud EKM</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/kms/docs/cmek" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/cmek" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/cmek" ><span class="devsite-nav-text" tooltip>CMEK overview</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/kms-autokey" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/kms-autokey" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/kms-autokey" ><span class="devsite-nav-text" tooltip>Cloud KMS with Autokey</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/compatible-services" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/compatible-services" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/compatible-services" ><span class="devsite-nav-text" tooltip>Compatible services</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/locations" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/locations" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/locations" ><span class="devsite-nav-text" tooltip>Locations</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Get started</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/resource-hierarchy" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/resource-hierarchy" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/resource-hierarchy" ><span class="devsite-nav-text" tooltip>Cloud KMS resources</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/algorithms" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/algorithms" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/algorithms" ><span class="devsite-nav-text" tooltip>Key purposes and algorithms</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/separation-of-duties" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/separation-of-duties" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/separation-of-duties" ><span class="devsite-nav-text" tooltip>Separation of duties</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/create-encryption-keys" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-encryption-keys" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-encryption-keys" ><span class="devsite-nav-text" tooltip>Create and use encryption keys</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/cmek-best-practices" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/cmek-best-practices" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/cmek-best-practices" ><span class="devsite-nav-text" tooltip>CMEK best practices</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Create keys</span> </div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Automate key creation</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/autokey-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/autokey-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/autokey-overview" ><span class="devsite-nav-text" tooltip>Autokey overview</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/enable-autokey" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/enable-autokey" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/enable-autokey" ><span class="devsite-nav-text" tooltip>Enable Autokey</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/create-resource-with-autokey" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-resource-with-autokey" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-resource-with-autokey" ><span class="devsite-nav-text" tooltip>Create a resource with Autokey</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/kms/docs/create-key-ring" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-key-ring" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-key-ring" ><span class="devsite-nav-text" tooltip>Create a key ring</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/create-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-key" ><span class="devsite-nav-text" tooltip>Create a key</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Import keys</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/key-import" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/key-import" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/key-import" ><span class="devsite-nav-text" tooltip>About key import</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/key-wrapping" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/key-wrapping" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/key-wrapping" ><span class="devsite-nav-text" tooltip>Key wrapping</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/formatting-keys-for-import" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/formatting-keys-for-import" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/formatting-keys-for-import" ><span class="devsite-nav-text" tooltip>Format a key for import</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Manually wrap a key for import</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/configuring-openssl-for-manual-key-wrapping" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/configuring-openssl-for-manual-key-wrapping" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/configuring-openssl-for-manual-key-wrapping" ><span class="devsite-nav-text" tooltip>Configure OpenSSL for manual key wrapping</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/wrapping-a-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/wrapping-a-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/wrapping-a-key" ><span class="devsite-nav-text" tooltip>Wrap a key using OpenSSL</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/kms/docs/crypto" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/crypto" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/crypto" ><span class="devsite-nav-text" tooltip>Set up automatic key wrapping</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/importing-a-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/importing-a-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/importing-a-key" ><span class="devsite-nav-text" tooltip>Import a key version</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/verifying-imported-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/verifying-imported-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/verifying-imported-key" ><span class="devsite-nav-text" tooltip>Verify an imported key version</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Create external keys</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/set-up-ekm-internet" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/set-up-ekm-internet" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/set-up-ekm-internet" ><span class="devsite-nav-text" tooltip>Set up Cloud EKM over the internet</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/create-ekm-connection" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-ekm-connection" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-ekm-connection" ><span class="devsite-nav-text" tooltip>Create an EKM connection</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/create-external-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-external-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-external-key" ><span class="devsite-nav-text" tooltip>Create an external Key</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Control access</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/iam" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/iam" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/iam" ><span class="devsite-nav-text" tooltip>Manage IAM roles</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/org-policy-constraints" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/org-policy-constraints" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/org-policy-constraints" ><span class="devsite-nav-text" tooltip>Use Organization Policy Contraints</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/custom-org-policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/custom-org-policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/custom-org-policies" ><span class="devsite-nav-text" tooltip>Create custom organization policy constraints for Cloud KMS</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/cmek-org-policy" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/cmek-org-policy" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/cmek-org-policy" ><span class="devsite-nav-text" tooltip>CMEK organization policies</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/control-key-destruction" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/control-key-destruction" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/control-key-destruction" ><span class="devsite-nav-text" tooltip>Control key destruction</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Secure data using keys</span> </div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Key APIs</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/grpc" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/grpc" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/grpc" ><span class="devsite-nav-text" tooltip>Use gRPC</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/accessing-the-api" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/accessing-the-api" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/accessing-the-api" ><span class="devsite-nav-text" tooltip>Access the API</span></a></li><li class="devsite-nav-item devsite-nav-beta"><a href="/kms/docs/sorting-and-filtering" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/sorting-and-filtering" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/sorting-and-filtering" ><span class="devsite-nav-text" tooltip>Sort and filter API list results</span><span class="devsite-nav-icon material-icons" data-icon="beta" data-title="Beta" aria-hidden="true"></span></a></li><li class="devsite-nav-item"><a href="/kms/docs/generate-random" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/generate-random" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/generate-random" ><span class="devsite-nav-text" tooltip>Generate random bytes</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/kms/docs/use-keys-google-cloud" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/use-keys-google-cloud" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/use-keys-google-cloud" ><span class="devsite-nav-text" tooltip>Use Cloud KMS keys in Google Cloud</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Encrypt and decrypt data</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/envelope-encryption" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/envelope-encryption" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/envelope-encryption" ><span class="devsite-nav-text" tooltip>Envelope encryption</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/additional-authenticated-data" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/additional-authenticated-data" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/additional-authenticated-data" ><span class="devsite-nav-text" tooltip>Additional authenticated data</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/asymmetric-encryption" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/asymmetric-encryption" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/asymmetric-encryption" ><span class="devsite-nav-text" tooltip>Asymmetric encryption</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/encrypt-decrypt" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/encrypt-decrypt" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/encrypt-decrypt" ><span class="devsite-nav-text" tooltip>Encrypt and decrypt data with a symmetric key</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/raw-encryption" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/raw-encryption" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/raw-encryption" ><span class="devsite-nav-text" tooltip>Encrypt and decrypt data with a raw symmetric key</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/encrypt-decrypt-rsa" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/encrypt-decrypt-rsa" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/encrypt-decrypt-rsa" ><span class="devsite-nav-text" tooltip>Encrypt and decrypt data with an asymmetric key</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/data-integrity-guidelines" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/data-integrity-guidelines" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/data-integrity-guidelines" ><span class="devsite-nav-text" tooltip>Verify end-to-end data integrity</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/encrypting-application-data" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/encrypting-application-data" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/encrypting-application-data" ><span class="devsite-nav-text" tooltip>Encrypt application data</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/client-side-encryption" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/client-side-encryption" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/client-side-encryption" ><span class="devsite-nav-text" tooltip>Set up client-side encryption with Tink</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Sign and validate data</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/digital-signatures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/digital-signatures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/digital-signatures" ><span class="devsite-nav-text" tooltip>Digital signatures</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/create-validate-signatures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-validate-signatures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-validate-signatures" ><span class="devsite-nav-text" tooltip>Create and validate signatures</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/mac-signatures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/mac-signatures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/mac-signatures" ><span class="devsite-nav-text" tooltip>MAC signatures</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/create-validate-mac-signatures" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-validate-mac-signatures" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-validate-mac-signatures" ><span class="devsite-nav-text" tooltip>Create and validate MAC signatures</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Manage keys</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/consistency" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/consistency" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/consistency" ><span class="devsite-nav-text" tooltip>Resource consistency</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/key-states" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/key-states" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/key-states" ><span class="devsite-nav-text" tooltip>Key version states</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>View keys and key details</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/view-keys-by-project" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/view-keys-by-project" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/view-keys-by-project" ><span class="devsite-nav-text" tooltip>View keys by project</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/view-key-usage" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/view-key-usage" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/view-key-usage" ><span class="devsite-nav-text" tooltip>View key usage</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/getting-resource-ids" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/getting-resource-ids" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/getting-resource-ids" ><span class="devsite-nav-text" tooltip>Get a Cloud KMS resource ID</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/retrieve-public-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/retrieve-public-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/retrieve-public-key" ><span class="devsite-nav-text" tooltip>Retrieve a public key</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/attest-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/attest-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/attest-key" ><span class="devsite-nav-text" tooltip>Attest a Cloud HSM key</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/kms/docs/creating-managing-labels" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/creating-managing-labels" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/creating-managing-labels" ><span class="devsite-nav-text" tooltip>Label a key</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/create-manage-tags" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/create-manage-tags" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/create-manage-tags" ><span class="devsite-nav-text" tooltip>Create and manage tags</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/enable-disable" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/enable-disable" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/enable-disable" ><span class="devsite-nav-text" tooltip>Enable and disable a key version</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/destroy-restore" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/destroy-restore" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/destroy-restore" ><span class="devsite-nav-text" tooltip>Destroy and restore a key version</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Rotate keys</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/kms/docs/key-rotation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/key-rotation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/key-rotation" ><span class="devsite-nav-text" tooltip>About key rotation</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/rotate-key" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/rotate-key" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/rotate-key" ><span class="devsite-nav-text" tooltip>Rotate a key</span></a></li><li class="devsite-nav-item"><a href="/kms/docs/re-encrypt-data" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/re-encrypt-data" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/re-encrypt-data" ><span class="devsite-nav-text" tooltip>Re-encrypt data</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/kms/docs/update-external-key-path" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/update-external-key-path" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/update-external-key-path" ><span class="devsite-nav-text" tooltip>Update external key reference</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Monitor</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/audit-logging" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/audit-logging" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/audit-logging" ><span class="devsite-nav-text" tooltip>Using Cloud Audit Logging</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/audit-logging-kms-inventory" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/audit-logging-kms-inventory" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/audit-logging-kms-inventory" ><span class="devsite-nav-text" tooltip>Cloud KMS Inventory Service audit logging</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/monitor-state-changes" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/monitor-state-changes" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/monitor-state-changes" ><span class="devsite-nav-text" tooltip>Monitor state changes</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/monitor-adjust-quotas" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/monitor-adjust-quotas" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/monitor-adjust-quotas" ><span class="devsite-nav-text" tooltip>Monitor and adjust quotas</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/monitoring" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/monitoring" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/monitoring" ><span class="devsite-nav-text" tooltip>Use Cloud Monitoring</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/monitor-ekm-usage" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/monitor-ekm-usage" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/monitor-ekm-usage" ><span class="devsite-nav-text" tooltip>Monitor EKM usage</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Troubleshoot</span> </div></li> <li class="devsite-nav-item"><a href="/kms/docs/troubleshooting-failed-imports" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/troubleshooting-failed-imports" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/troubleshooting-failed-imports" ><span class="devsite-nav-text" tooltip>Troubleshoot failed imports</span></a></li> <li class="devsite-nav-item"><a href="/kms/docs/troubleshoot-ekm-vpc" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /kms/docs/troubleshoot-ekm-vpc" track-type="bookNav" track-name="click" track-metadata-eventdetail="/kms/docs/troubleshoot-ekm-vpc" ><span class="devsite-nav-text" tooltip>Troubleshoot EKM via VPC errors</span></a></li> </ul> <ul class="devsite-nav-list" menu="Technology areas" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/docs/ai-ml" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: AI and ML" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > AI and ML </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/application-development" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Application development" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Application development </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/application-hosting" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Application hosting" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Application hosting </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/compute-area" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Compute" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Compute </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/data" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Data analytics and pipelines" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Data analytics and pipelines </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/databases" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Databases" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Databases </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/dhm-cloud" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Distributed, hybrid, and multicloud" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Distributed, hybrid, and multicloud </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/generative-ai" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Generative AI" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Generative AI </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/industry" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Industry solutions" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Industry solutions </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/networking" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Networking" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Networking </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/observability" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Observability and monitoring" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Observability and monitoring </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/security" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Security" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Security </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/storage" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Storage" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Storage </span> </a> </li> </ul> <ul class="devsite-nav-list" menu="Cross-product tools" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/docs/access-resources" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Access and resources management" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Access and resources management </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/costs-usage" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Costs and usage management" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Costs and usage management </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/devtools" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud SDK, languages, frameworks, and tools" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud SDK, languages, frameworks, and tools </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/iac" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Infrastructure as code" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Infrastructure as code </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/migration" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Migration" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Migration </span> </a> </li> </ul> <ul class="devsite-nav-list" menu="Related sites" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Home" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Home </span> </a> </li> <li class="devsite-nav-item"> <a href="/free" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Free Trial and Free Tier" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Free Trial and Free Tier </span> </a> </li> <li class="devsite-nav-item"> <a href="/architecture" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Architecture Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Architecture Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/blog" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Blog" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Blog </span> </a> </li> <li class="devsite-nav-item"> <a href="/contact" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Contact Sales" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Contact Sales </span> </a> </li> <li class="devsite-nav-item"> <a href="/developers" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Developer Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Developer Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://developers.google.com/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Developer Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Developer Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://console.cloud.google.com/marketplace" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Marketplace" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Marketplace </span> </a> </li> <li class="devsite-nav-item"> <a href="/marketplace/docs" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Marketplace Documentation" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Marketplace Documentation </span> </a> </li> <li class="devsite-nav-item"> <a href="https://www.cloudskillsboost.google/paths" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Skills Boost" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Skills Boost </span> </a> </li> <li class="devsite-nav-item"> <a href="/solutions" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Solution Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Solution Center </span> </a> </li> <li class="devsite-nav-item"> <a href="/support-hub" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Support" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Support </span> </a> </li> <li class="devsite-nav-item"> <a href="https://www.youtube.com/@googlecloudtech" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Tech Youtube Channel" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Tech Youtube Channel </span> </a> </li> </ul> </div> </div> </nav> </devsite-book-nav> <section id="gc-wrapper"> <main role="main" id="main-content" class="devsite-main-content" has-book-nav has-sidebar > <div class="devsite-sidebar"> <div class="devsite-sidebar-content"> <devsite-toc class="devsite-nav" role="navigation" aria-label="On this page" depth="2" scrollbars ></devsite-toc> <devsite-recommendations-sidebar class="nocontent devsite-nav"> </devsite-recommendations-sidebar> </div> </div> <devsite-content> <article class="devsite-article"> <div class="devsite-article-meta nocontent" role="navigation"> <ul class="devsite-breadcrumb-list" aria-label="Breadcrumb"> <li class="devsite-breadcrumb-item "> <a href="https://cloud.google.com/" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="Google Cloud" > Home </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/kms" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="2" track-type="globalNav" track-name="breadcrumb" track-metadata-position="2" track-metadata-eventdetail="Cloud Key Management Service" > Cloud Key Management Service </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/kms/docs" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="3" track-type="globalNav" track-name="breadcrumb" track-metadata-position="3" track-metadata-eventdetail="Cloud KMS Documentation" > Documentation </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/kms/docs/key-management-service" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="4" track-type="globalNav" track-name="breadcrumb" track-metadata-position="4" track-metadata-eventdetail="" > Guides </a> </li> </ul> <devsite-thumb-rating position="header"> </devsite-thumb-rating> </div> <devsite-feedback position="header" project-name="Cloud KMS Documentation" product-id="5074561" bucket="" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="header" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Send feedback </button> </devsite-feedback> <h1 class="devsite-page-title" tabindex="-1"> Customer-managed encryption keys (CMEK) </h1> <devsite-feature-tooltip ack-key="AckCollectionsBookmarkTooltipDismiss" analytics-category="Site-Wide Custom Events" analytics-action-show="Callout Profile displayed" analytics-action-close="Callout Profile dismissed" analytics-label="Create Collection Callout" class="devsite-page-bookmark-tooltip nocontent" dismiss-button="true" id="devsite-collections-dropdown" dismiss-button-text="Dismiss" close-button-text="Got it"> <devsite-bookmark></devsite-bookmark> <span slot="popout-heading"> Stay organized with collections </span> <span slot="popout-contents"> Save and categorize content based on your preferences. </span> </devsite-feature-tooltip> <div class="devsite-page-title-meta"><devsite-view-release-notes></devsite-view-release-notes></div> <devsite-toc class="devsite-nav" depth="2" devsite-toc-embedded > </devsite-toc> <div class="devsite-article-body clearfix "> <p>This document provides an overview of using Cloud Key Management Service (Cloud KMS) for customer-managed encryption keys (CMEK). Using Cloud KMS CMEK gives you ownership and control of the keys that protect your data at rest in Google Cloud.</p> <h2 id="cmek-comparison" data-text="Comparison of CMEK and Google-owned and Google-managed encryption keys" tabindex="-1">Comparison of CMEK and Google-owned and Google-managed encryption keys</h2> <p>The Cloud KMS keys that you create are customer-managed keys. Google Cloud services that use your keys are said to have a <em>CMEK integration</em>. You can manage these CMEKs directly, or through <a href="/kms/docs/autokey-overview">Cloud KMS Autokey</a>. The following factors differentiate Google Cloud&#39;s default encryption at rest from customer-managed keys:</p> <table> <tr> <th>Type of key</th> <th>Cloud KMS Autokey</th> <th>Cloud KMS customer-managed (manual)</th> <th>Google-owned and Google-managed encryption key (Google default encryption)</th> </tr> <tr> <td><p>Can view key metadata</p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td><p>No</p></td> </tr> <tr> <td><p>Ownership of keys<a href="#footnote1">¹</a></p></td> <td><p>Customer</p></td> <td><p>Customer</p></td> <td><p>Google</p></td> </tr> <tr> <td><p>Can manage<a href="#footnote2">²</a> and control<a href="#footnote3">³</a> keys</p></td> <td><p>Key creation and assignment is automated. Customer manual control is fully supported.</p></td> <td><p>Customer, manual control only</p></td> <td><p>Google</p></td> </tr> <tr> <td><p>Supports regulatory requirements for customer-managed keys</p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td><p>No</p></td> </tr> <tr> <td><p>Key sharing</p></td> <td><p>Unique to a customer</p></td> <td><p>Unique to a customer</p></td> <td><p>Data from multiple customers is typically protected by shared key encryption keys (KEKs).</p></td> </tr> <tr> <td><p>Control of key rotation</p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td><p><a href="/docs/security/encryption/default-encryption#kek_management">No</a></p></td> </tr> <tr> <td><p><a href="/kms/docs/cmek-org-policy">CMEK organization policies</a></p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td>No</td> </tr> <tr> <td><p><a href="/kms/docs/audit-logging">Log administrative and data access to encryption keys</a></p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td><p>No</p></td> </tr> <tr> <td><p>Logical data separation through encryption</p></td> <td><p>Yes</p></td> <td><p>Yes</p></td> <td><p><a href="/docs/security/encryption/default-encryption#hardware">No</a></p></td> </tr> <tr> <td><p>Pricing</p></td> <td><p><a href="/kms/pricing">Varies</a></p></td> <td><a href="/kms/pricing">Varies</a> </td> <td><p>Free</p></td> </tr> </table> <p id="footnote1">¹ The owner of the key indicates who holds the rights to the key. Keys that you own have tightly restricted access or no access by Google.</p> <p id="footnote2">² Management of keys includes the following tasks:</p> <ul> <li>Create keys.</li> <li>Choose the protection level of the keys.</li> <li>Assign authority for management of the keys.</li> <li>Control access to keys.</li> <li>Control usage of keys.</li> <li>Set and modify the rotation period of keys, or trigger a rotation of keys.</li> <li>Change key status.</li> <li>Destroy key versions.</li> </ul> <p id="footnote3">³ Control of keys means setting controls on the kind of keys and how the keys are used, detecting variance, and planning corrective action if needed. You can control your keys, but delegate management of the keys to a third party.</p> <h3 id="default-encryption" data-text="Default encryption with Google-owned and Google-managed encryption keys" tabindex="-1">Default encryption with Google-owned and Google-managed encryption keys</h3> <p>All data stored within Google Cloud is encrypted at rest using the same hardened key management systems that Google Cloud uses for our own encrypted data. These key management systems provide strict key access controls and auditing, and encrypt user data at rest using the AES-256 encryption standard. Google Cloud owns and controls the keys used to encrypt your data. You can&#39;t view or manage these keys or review key usage logs. Data from multiple customers might use the same key encryption key (KEK). No setup, configuration, or management is required.</p> For more information about default encryption in Google Cloud, see <a href="/docs/security/encryption/default-encryption#googles_default_encryption">Default encryption at rest</a>. </p> <h3 id="cmek" data-text="Customer-managed encryption keys (CMEK)" tabindex="-1">Customer-managed encryption keys (CMEK)</h3> <p>Customer-managed encryption keys are encryption keys that you own. This capability lets you have greater control over the keys used to encrypt data at rest within supported Google Cloud services, and provides a cryptographic boundary around your data. You can manage CMEKs directly in Cloud KMS, or automate provisioning and assignment by using <a href="/kms/docs/autokey-overview">Cloud KMS Autokey</a>. </p> <p>Services that support CMEK have a <em>CMEK integration</em>. CMEK integration is a server-side encryption technology that you can use in place of Google Cloud&#39;s default encryption. After CMEK is set up, the operations to encrypt and decrypt resources are handled by the resource service agent. Because CMEK-integrated services handle access to the encrypted resource, encryption and decryption can take place transparently, without end-user effort. The experience of accessing resources is similar to using Google Cloud&#39;s default encryption. For more information about CMEK integration, see <a href="#cmek-integration">What a CMEK-integrated service provides</a>.</p> <p>You can use unlimited key versions for each key.</p> <p>To learn whether a service supports CMEKs, see the <a href="/kms/docs/compatible-services#cmek_integrations">list of supported services</a>.</p> <p>Using Cloud KMS incurs costs related to the number of key versions and cryptographic operations with those key versions. For more information about pricing, see <a href="/kms/pricing">Cloud Key Management Service pricing</a>. No minimum purchase or commitment is required. </p> <h3 id="cmek-with-autokey" data-text="Customer-managed encryption keys (CMEK) with Cloud KMS Autokey" tabindex="-1">Customer-managed encryption keys (CMEK) with Cloud KMS Autokey</h3> <p>Cloud KMS Autokey simplifies creating and managing CMEKs by automating provisioning and assignment. With Autokey, keyrings and keys are generated on demand as part of resource creation, and service agents that use the keys for encrypt and decrypt operations are automatically granted the necessary Identity and Access Management (IAM) roles.</p> <p>Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including key-data location alignment, key specificity, hardware security module (HSM) protection level, key rotation schedule, and separation of duties. Autokey creates keys that follow both general guidelines and guidelines specific to the resource type for Google Cloud services that integrate with Autokey. Keys created using Autokey function identically to other Cloud HSM keys with the same settings, including support for regulatory requirements for customer-managed keys. For more information about Autokey, see <a href="/kms/docs/autokey-overview">Autokey overview</a>. </p> <h2 id="when-use-cmek" data-text="When to use customer-managed encryption keys" tabindex="-1">When to use customer-managed encryption keys</h2> You can use manually-created CMEKs or keys created by Autokey in compatible services to help you meet the following goals: </p> <ul> <li><p>Own your encryption keys.</p></li> <li><p>Control and manage your encryption keys, including choice of location, protection level, creation, access control, rotation, use, and destruction.</p></li> <li><p>Generate key material in Cloud KMS or import key material that is maintained outside of Google Cloud.</p></li> <li><p>Set policy regarding where your keys must be used.</p></li> <li><p>Selectively delete data protected by your keys in the case of off-boarding or to remediate security events (crypto-shredding).</p></li> <li><p>Create and use keys that are unique to a customer, establishing a cryptographic boundary around your data.</p></li> <li><p><a href="/kms/docs/audit-logging">Log administrative and data access</a> to encryption keys.</p></li> <li><p>Meet current or future regulation that requires any of these goals.</p></li> </ul> <h2 id="cmek-integration" data-text="What a CMEK-integrated service provides" tabindex="-1">What a CMEK-integrated service provides</h2> <p>Like Google Cloud&#39;s default encryption, CMEK is server-side, symmetric, envelope encryption of customer data. The difference from Google Cloud&#39;s default encryption is that CMEK protection uses a key that a customer controls. CMEKs created manually or automatically using Autokey operate the same way during service integration. </p> <ul> <li><p><a href="/kms/docs/compatible-services#cmek_integrations">Cloud services that have a <em>CMEK integration</em></a> use keys you create in Cloud KMS to protect your resources.</p></li> <li><p>Services that are integrated with Cloud KMS use symmetric encryption.</p></li> <li><p>You choose the <a href="/kms/docs/protection-levels">protection level</a> of the key.</p></li> <li><p>All keys are 256-bit AES-GCM.</p></li> <li><p>Key material never leaves the Cloud KMS system boundary.</p></li> <li><p>Your symmetric keys are used to encrypt and decrypt in the envelope encryption model.</p></li> </ul> <h3 id="cmek-tracking" data-text="CMEK-integrated services track keys and resources" tabindex="-1">CMEK-integrated services track keys and resources</h3> <ul> <li><p>CMEK-protected resources have a metadata field that holds the name of the key that encrypts it. Generally, this will be customer-visible in the resource metadata.</p></li> <li><p><a href="/kms/docs/view-key-usage">Key tracking</a> tells you what resources a key protects, for services that support key tracking.</p></li> <li><p>Keys can be <a href="/kms/docs/view-keys-by-project">listed by project</a>. </p></li> </ul> <h3 id="cmek-access" data-text="CMEK-integrated services handle resource access" tabindex="-1">CMEK-integrated services handle resource access</h3> <p>The principal that creates or views resources in the CMEK-integrated service does not require the <a href="/kms/docs/reference/permissions-and-roles#cloudkms.cryptoKeyEncrypterDecrypter">Cloud KMS CryptoKey Encrypter/Decrypter</a> (<code translate="no" dir="ltr">roles/cloudkms.cryptoKeyEncrypterDecrypter</code>) for the CMEK used to protect the resource.</p> <p>Each project resource has a special service account called a <a href="/storage/docs/encryption/customer-managed-keys#service-agents">service agent</a> that performs encryption and decryption with customer-managed keys. After you give the service agent access to a CMEK, that service agent will use that key to protect the resources of your choice.</p> <p>When a requester wants to access a resource encrypted with a customer-managed key, the service agent automatically attempts to decrypt the requested resource. If the service agent has permission to decrypt using the key, and you have not disabled or destroyed the key, the service agent provides encrypt and decrypt use of the key. Otherwise, the request fails.</p> <p>No additional requester access is required, and since the service agent handles the encryption and decryption in the background, the user experience for accessing resources is similar to using Google Cloud&#39;s default encryption.</p> <h2 id="using-autokey-cmek" data-text="Using Autokey for CMEK" tabindex="-1">Using Autokey for CMEK</h2> <p>For each folder where you want to use Autokey, there is a one-time setup process. You can expect to choose a folder to work in with Autokey support, and an associated key project where Autokey stores the keys for that folder. For more information about enabling Autokey, see <a href="/kms/docs/enable-autokey">Enable Cloud KMS Autokey</a>.</p> <p>Compared to manually creating CMEKs, Autokey does not require the following setup steps:</p> <ul> <li><p>Key administrators don&#39;t need manually create key rings or keys, or assign privileges to the service agents that encrypt and decrypt data. The Cloud KMS service agent does these actions on their behalf.</p></li> <li><p>Developers don&#39;t need to plan ahead to request keys prior to resource creation. They can request keys themselves from Autokey as needed, while still preserving <a href="/kms/docs/separation-of-duties">separation of duties</a>.</p></li> </ul> <p>When you use Autokey, there is only one step: the developer requests the keys as part of resource creation. Keys returned are consistent for the intended resource type.</p> <p>Your CMEKs created with Autokey behave in the same way as manually-created keys for the following features:</p> <ul> <li><p>CMEK-integrated services behave the same way.</p></li> <li><p>The key administrator can continue to monitor all keys created and used through the Cloud KMS dashboard and <a href="/kms/docs/view-key-usage">key usage tracking</a>.</p></li> <li><p>Organization policies work in the same way with Autokey as they do with manually created CMEKs.</p></li> </ul> <p>For an overview of Autokey, see <a href="/kms/docs/autokey-overview">Autokey overview</a>. For more information about creating CMEK-protected resources with Autokey, see <a href="/kms/docs/create-resource-with-autokey">Create protected resources using Cloud KMS Autokey</a>.</p> <h2 id="manually_creating_cmeks" data-text="Manually creating CMEKs" tabindex="-1">Manually creating CMEKs</h2> <p>When you manually create your CMEKs, you must plan and create key rings, keys, and resource locations before you can create protected resources. You can then use your keys to protect the resources.</p> <p>For the exact steps to enable CMEK, see the documentation for the relevant Google Cloud service. Some services, such as GKE, have multiple CMEK integrations for protecting different types of data related to the service. You can expect to follow steps similar to the following:</p> <ol> <li><p>Create a Cloud KMS key ring or choose an existing key ring. When creating your key ring, choose a location that is geographically near to the resources you&#39;re protecting. The key ring can be in the same project as the resources you&#39;re protecting or in different projects. Using different projects gives you greater control over IAM roles and helps support <a href="/kms/docs/separation-of-duties">separation of duties</a>.</p></li> <li><p>You create or import a Cloud KMS key in the chosen key ring. This key is the CMEK.</p></li> <li><p>You grant the <a href="/kms/docs/reference/permissions-and-roles#cloudkms.cryptoKeyEncrypterDecrypter">CryptoKey Encrypter/Decrypter IAM role</a> (<code translate="no" dir="ltr">roles/cloudkms.cryptoKeyEncrypterDecrypter</code>) on the CMEK to the service account for the service.</p></li> <li><p>When creating a resource, configure the resource to use the CMEK. For example, you can configure a BigQuery table to <a href="/bigquery/docs/customer-managed-encryption#create_table">protect data at rest in the table</a>.</p></li> </ol> <p>For a requester to gain access to the data, they don&#39;t need direct access to the CMEK.</p> <p>As long as the service agent has the <strong>CryptoKey Encrypter/Decrypter</strong> role, the service can encrypt and decrypt its data. If you revoke this role, or if you disable or destroy the CMEK, that data can&#39;t be accessed.</p> <aside class="caution"><strong>Caution:</strong><span> Some services can experience permanent data loss when the CMEK remains disabled or inaccessible for too long.</span></aside> <h3 id="cmek_compliance" data-text="CMEK compliance" tabindex="-1">CMEK compliance</h3> <p>Some services have CMEK integrations, and allow you to manage keys yourself. Some services instead offer <em>CMEK compliance</em>, meaning the temporary data and ephemeral key are never written to disk. For a complete list of integrated and compliant services, see <a href="/kms/docs/compatible-services#cmek_compliant">CMEK compatible services</a>.</p> <h2 id="key-usage-tracking" data-text="Key usage tracking" tabindex="-1">Key usage tracking</h2> <p>Key usage tracking shows you the Google Cloud resources within your organization that are protected by your CMEKs. Using key usage tracking, you can view the protected resources, projects, and unique Google Cloud products that use a specific key, and whether keys are in use. For more information about key usage tracking, see <a href="/kms/docs/view-key-usage">View key usage</a> </p> <h2 id="cmek-policy" data-text="CMEK organization policies" tabindex="-1">CMEK organization policies</h2> <p>Google Cloud offers organization policy constraints to help ensure consistent CMEK usage across an organization resource. These constraints provide controls to Organization Administrators to <a href="/kms/docs/cmek-org-policy#require-cmek">require CMEK usage</a> and to specify limitations and controls on the Cloud KMS keys used for CMEK protection, including the following:</p> <ul> <li><p>Limits on <a href="/kms/docs/cmek-org-policy">which Cloud KMS keys are used for CMEK protection</a></p></li> <li><p>Limits on the allowed <a href="/kms/docs/org-policy-constraints#allowed-protection-levels">protection levels of keys</a></p></li> <li><p>Limits on the <a href="/kms/docs/org-policy-constraints#resource-locations">location of CMEKs</a></p></li> <li><p>Controls for <a href="/kms/docs/control-key-destruction">key version destruction</a></p></li> </ul> <h2 id="whats-next" data-text="What's next" tabindex="-1">What's next</h2> <ul> <li>See the list of <a href="/kms/docs/compatible-services#cmek_integrations">services with CMEK integrations</a>.</li> <li>See the list of <a href="/kms/docs/compatible-services#cmek_compliant">CMEK-compliant services</a>.</li> <li>See the list of <a href="/kms/docs/view-key-usage#tracked-resource-types">resource types</a> that can have key usage tracking.</li> <li>See the <a href="/kms/docs/autokey-overview#compatible-services">list of services supported by Autokey</a>.</li> </ul> <devsite-hats-survey class="nocontent" hats-id="mwETRvWii0eU5NUYprb0Y9z5GVbc" listnr-id="83405"></devsite-hats-survey> </div> <devsite-thumb-rating position="footer"> </devsite-thumb-rating> <devsite-feedback position="footer" project-name="Cloud KMS Documentation" product-id="5074561" bucket="" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="footer" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Send feedback </button> </devsite-feedback> <div class="devsite-floating-action-buttons"> </div> </article> <devsite-content-footer class="nocontent"> <p>Except as otherwise noted, the content of this page is licensed under the <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 License</a>, and code samples are licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 License</a>. For details, see the <a href="https://developers.google.com/site-policies">Google Developers Site Policies</a>. Java is a registered trademark of Oracle and/or its affiliates.</p> <p>Last updated 2025-02-14 UTC.</p> </devsite-content-footer> <devsite-notification > </devsite-notification> <div class="devsite-content-data"> <template class="devsite-thumb-rating-feedback"> <devsite-feedback position="thumb-rating" project-name="Cloud KMS Documentation" product-id="5074561" bucket="" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="thumb-rating" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Need to tell us more? </button> </devsite-feedback> </template> <template class="devsite-content-data-template"> [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-14 UTC."],[],[]] </template> </div> </devsite-content> </main> <devsite-footer-promos class="devsite-footer"> </devsite-footer-promos> <devsite-footer-linkboxes class="devsite-footer"> <nav class="devsite-footer-linkboxes nocontent" aria-label="Footer links"> <ul class="devsite-footer-linkboxes-list"> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Why Google</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/why-google-cloud/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-position="footer"track-metadata-child_headline="why google"track-type="footer link"track-metadata-module="footer"track-name="choosing google cloud"track-metadata-eventDetail="cloud.google.com/why-google-cloud/"> Choosing Google Cloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/trust-center/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/security/"track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="why google"track-name="trust and security"> Trust and security </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/modern-infrastructure/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-child_headline="why google"track-type="footer link"track-metadata-module="footer"track-name="modern infrastructure cloud"track-metadata-eventDetail="cloud.google.com/solutions/modern-infrastructure/"track-metadata-position="footer"> Modern Infrastructure Cloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/multicloud/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-metadata-eventDetail="cloud.google.com/multicloud/"track-metadata-position="footer"track-metadata-child_headline="why google"track-type="footer link"track-name="multicloud"track-metadata-module="footer"> Multicloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/infrastructure/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-type="footer link"track-metadata-eventDetail="cloud.google.com/infrastructure/"track-metadata-position="footer"track-metadata-module="footer"track-name="global infrastructure"track-metadata-child_headline="why google"> Global infrastructure </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/customers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-name="customers and case studies"track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/customers/"track-metadata-position="footer"track-metadata-child_headline="why google"track-type="footer link"> Customers and case studies </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/analyst-reports/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="why google"track-name="analyst reports"track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/analyst-reports/"> Analyst reports </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/whitepapers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-metadata-eventDetail="cloud.google.com/whitepapers/"track-metadata-position="footer"track-metadata-module="footer"track-metadata-child_headline="why google"track-name="whitepapers"track-type="footer link"> Whitepapers </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//cloud.google.com/blog/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-type="footer link"track-metadata-eventDetail="cloud.google.com/blog/"track-metadata-position="footer"track-name="blog"track-metadata-module="footer"track-metadata-child_headline="engage"> Blog </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Products and pricing</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/pricing/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-module="footer"track-type="footer link"track-metadata-child_headline="products and pricing"track-name="google cloud pricing"track-metadata-eventDetail="cloud.google.com/pricing/"track-metadata-position="footer"> Google Cloud pricing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//workspace.google.com/pricing.html" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-name="google workspace pricing"track-metadata-module="footer"track-metadata-eventDetail="workspace.google.com/pricing.html"target="_blank"track-metadata-position="footer"track-metadata-child_headline="products and pricing"track-type="footer link"> Google Workspace pricing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/products/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-child_headline="products and pricing"track-name="see all products"track-type="footer link"track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/products/"track-metadata-position="footer"> See all products </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Solutions</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/solutions/infrastructure-modernization/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-name="infrastructure modernization"track-metadata-eventDetail="cloud.google.com/solutions/infrastructure-modernization/"track-type="footer link"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="solutions"> Infrastructure modernization </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/databases/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-type="footer link"track-metadata-eventDetail="cloud.google.com/solutions/databases"track-metadata-position="footer"track-name="databases"track-metadata-module="footer"track-metadata-child_headline="solutions"> Databases </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/application-modernization/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-type="footer link"track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/solutions/application-modernization/"track-metadata-position="footer"track-metadata-child_headline="solutions"track-name="application development"> Application modernization </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/smart-analytics/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-metadata-position="footer"track-metadata-child_headline="solutions"track-type="footer link"track-metadata-module="footer"track-name="smart analytics"track-metadata-eventDetail="cloud.google.com/solutions/smart-analytics/"> Smart analytics </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/ai/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-metadata-position="footer"track-metadata-child_headline="solutions"track-type="footer link"track-metadata-module="footer"track-name="artificial intelligence"track-metadata-eventDetail="cloud.google.com/solutions/ai/"> Artificial Intelligence </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/security/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-metadata-child_headline="solutions"track-type="footer link"track-name="security"track-metadata-eventDetail="cloud.google.com/solutions/security/"track-metadata-position="footer"track-metadata-module="footer"> Security </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://workspace.google.com/enterprise/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-eventDetail="workspace.google.com/enterprise/"track-name="productivity and work transformation"track-metadata-module="footer"track-type="footer link"target="_blank"track-metadata-position="footer"track-metadata-child_headline="solutions"> Productivity & work transformation </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/#industry-solutions" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-metadata-module="footer"track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="solutions"track-name="industry solutions"track-metadata-eventDetail="cloud.google.com/solutions/#industry-solutions"> Industry solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/devops/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-metadata-position="footer"track-metadata-child_headline="solutions"track-name="devops solutions"track-metadata-eventDetail="cloud.google.com/solutions/devops/"track-type="footer link"track-metadata-module="footer"> DevOps solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/#section-14" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-metadata-module="footer"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="solutions"track-name="small business solutions"track-metadata-eventDetail="cloud.google.com/solutions/#section-14"> Small business solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" track-name="see all solutions"track-metadata-eventDetail="cloud.google.com/solutions/"track-type="footer link"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="solutions"> See all solutions </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Resources</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/affiliate-program/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-module="footer"track-name="google cloud affiliate program"track-metadata-eventDetail="cloud.google.com/affiliate-program/"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="resources"> Google Cloud Affiliate Program </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-name="google cloud documentation"track-metadata-eventDetail="cloud.google.com/docs/"track-metadata-module="footer"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="resources"> Google Cloud documentation </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/get-started/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-eventDetail="cloud.google.com/docs/get-started/"track-metadata-module="footer"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="resources"track-name="google cloud quickstarts"> Google Cloud quickstarts </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/marketplace/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="resources"track-metadata-eventDetail="cloud.google.com/marketplace/"track-type="footer link"track-name="google cloud marketplace"> Google Cloud Marketplace </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/discover/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-metadata-module="footer"track-name="learn about cloud computing"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="resources"track-metadata-eventDetail="learn/"> Learn about cloud computing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/support-hub/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-metadata-eventDetail="cloud.google.com/support-hub/"track-type="footer link"track-metadata-child_headline="resources"track-metadata-position="footer"track-name="support"track-metadata-module="footer"> Support </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/samples" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-child_headline="resources"track-metadata-module="footer"track-name="code samples"track-metadata-eventDetail="cloud.google.com/docs/samples"track-type="footer link"track-metadata-position="footer"> Code samples </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/architecture/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-metadata-eventDetail="cloud.google.com/architecture/"track-type="footer link"track-name="cloud architecture center"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="resources"> Cloud Architecture Center </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/learn/training/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-name="training"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="resources"track-metadata-eventDetail="cloud.google.com/training/"track-type="footer link"> Training </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/learn/certification/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-metadata-child_headline="resources"track-name="certifications"track-metadata-eventDetail="cloud.google.com/certification"track-metadata-module="footer"track-type="footer link"track-metadata-position="footer"> Certifications </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//developers.google.com" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" track-type="footer link"track-metadata-module="footer"track-name="google developers"track-metadata-position="footer"target="_blank"track-metadata-eventDetail="developers.google.com"track-metadata-child_headline="resources"> Google for Developers </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/startup/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 12)" track-metadata-child_headline="resources"track-metadata-module="footer"track-name="google cloud for startups"track-type="footer link"track-metadata-eventDetail="cloud.google.com/startup/"track-metadata-position="footer"> Google Cloud for Startups </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//status.cloud.google.com" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 13)" track-name="system status"track-metadata-position="footer"track-metadata-eventDetail="status.cloud.google.com"target="_blank"track-metadata-child_headline="resources"track-type="footer link"track-metadata-module="footer"> System status </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/release-notes" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 14)" track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/release-notes/"track-name="release notes"track-metadata-position="footer"track-metadata-child_headline="resources"track-type="footer link"> Release Notes </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Engage</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/contact/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-name="contact sales"track-metadata-eventDetail="cloud.google.com/contact/"track-metadata-child_headline="engage"track-metadata-module="footer"track-type="footer link"track-metadata-position="footer"> Contact sales </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//cloud.google.com/find-a-partner" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-eventDetail="cloud.google.com/find-a-partner"track-metadata-position="footer"track-metadata-child_headline="engage"track-type="footer link"target="_blank"track-name="find a partner"track-metadata-module="footer"> Find a Partner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/partners/become-a-partner/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-module="footer"track-name="become a partner"track-metadata-eventDetail="cloud.google.com/partners/become-a-partner/"track-metadata-position="footer"track-metadata-child_headline="engage"track-type="footer link"> Become a Partner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/events/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-metadata-eventDetail="cloud.withgoogle.com/events"track-metadata-position="footer"track-metadata-child_headline="engage"track-name="events"track-metadata-module="footer"track-type="footer link"> Events </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/podcasts/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" rel="noopener"track-type="footer link"track-metadata-module="footer"track-name="podcasts"track-metadata-eventDetail="cloud.google.com/podcasts/"target="_blank"track-metadata-position="footer"track-metadata-child_headline="engage"> Podcasts </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/developers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-metadata-child_headline="engage"track-type="footer link"track-name="developer center"track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/developers/"track-metadata-position="footer"> Developer Center </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://www.googlecloudpresscorner.com/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-eventDetail="www.googlecloudpresscorner.com"rel="noopener"track-metadata-position="footer"track-name="press corner"track-metadata-child_headline="engage"target="_blank"track-metadata-module="footer"track-type="footer link"> Press Corner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//www.youtube.com/googlecloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-name="google cloud on youtube"rel="noopener"track-metadata-eventDetail="www.youtube.com/googlecloud"track-metadata-position="footer"track-metadata-child_headline="engage"track-metadata-module="footer"target="_blank"track-type="footer link"> Google Cloud on YouTube </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//www.youtube.com/googlecloudplatform" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-metadata-module="footer"track-metadata-eventDetail="www.youtube.com/googlecloudplatform"track-metadata-position="footer"target="_blank"track-metadata-child_headline="engage"track-name="google cloud tech on youtube"rel="noopener"track-type="footer link"> Google Cloud Tech on YouTube </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//x.com/googlecloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-name="follow on x"target="_blank"track-metadata-module="footer"track-metadata-position="footer"track-metadata-eventDetail="x.com/googlecloud"track-metadata-child_headline="engage"rel="noopener"track-type="footer link"> Follow on X </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//userresearch.google.com/?reserved=1&amp;utm_source=website&amp;Q_Language=en&amp;utm_medium=own_srch&amp;utm_campaign=CloudWebFooter&amp;utm_term=0&amp;utm_content=0&amp;productTag=clou&amp;campaignDate=jul19&amp;pType=devel&amp;referral_code=jk212693" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" track-type="footer link"track-metadata-module="footer"target="_blank"track-name="join user research"track-metadata-eventDetail="userresearch.google.com/?reserved=1&amp;utm_source=website&amp;Q_Language=en&amp;utm_medium=own_srch&amp;utm_campaign=CloudWebFooter&amp;utm_term=0&amp;utm_content=0&amp;productTag=clou&amp;campaignDate=jul19&amp;pType=devel&amp;referral_code=jk212693"track-metadata-position="footer"track-metadata-child_headline="engage"> Join User Research </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//careers.google.com/cloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 12)" track-metadata-module="footer"track-name="we are hiring join google cloud"track-metadata-position="footer"track-metadata-eventDetail="careers.google.com/cloud"track-metadata-child_headline="engage"track-type="footer link"target="_blank"> We're hiring. Join Google Cloud! </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://www.googlecloudcommunity.com/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 13)" track-type="footer link"rel="noopener"track-metadata-module="footer"track-metadata-eventDetail="www.googlecloudcommunity.com"target="_blank"track-metadata-child_headline="engage"track-metadata-position="footer"track-name="google cloud community"> Google Cloud Community </a> </li> </ul> </li> </ul> </nav> </devsite-footer-linkboxes> <devsite-footer-utility class="devsite-footer"> <div class="devsite-footer-utility nocontent"> <nav class="devsite-footer-utility-links" aria-label="Utility links"> <ul class="devsite-footer-utility-list"> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//about.google/" data-category="Site-Wide Custom Events" data-label="Footer About Google link" track-metadata-module="utility footer" target="_blank" track-name="about google" track-type="footer link" track-metadata-eventDetail="//about.google/" track-metadata-position="footer" > About Google </a> </li> <li class="devsite-footer-utility-item devsite-footer-privacy-link"> <a class="devsite-footer-utility-link gc-analytics-event" href="//policies.google.com/privacy" data-category="Site-Wide Custom Events" data-label="Footer Privacy link" track-metadata-position="footer" track-metadata-eventDetail="//policies.google.com/privacy" target="_blank" track-type="footer link" track-metadata-module="utility footer" track-name="privacy" > Privacy </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//www.google.com/intl/en/policies/terms/regional.html" data-category="Site-Wide Custom Events" data-label="Footer Site terms link" track-type="footer link" track-metadata-eventDetail="//www.google.com/intl/en/policies/terms/regional.html" track-metadata-position="footer" target="_blank" track-name="site terms" track-metadata-module="utility footer" > Site terms </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="/product-terms/" data-category="Site-Wide Custom Events" data-label="Footer Google Cloud terms link" track-type="footer link" track-metadata-module="utility footer" track-name="google cloud terms" track-metadata-eventDetail="/product-terms/" track-metadata-position="footer" > Google Cloud terms </a> </li> <li class="devsite-footer-utility-item glue-cookie-notification-bar-control"> <a class="devsite-footer-utility-link gc-analytics-event" href="#" data-category="Site-Wide Custom Events" data-label="Footer Manage cookies link" track-metadata-position="footer" track-metadata-eventDetail="#" track-type="footer link" track-metadata-module="utility footer" track-name="Manage cookies" aria-hidden="true" > Manage cookies </a> </li> <li class="devsite-footer-utility-item devsite-footer-carbon-button"> <a class="devsite-footer-utility-link gc-analytics-event" href="/sustainability" data-category="Site-Wide Custom Events" data-label="Footer Our third decade of climate action: join us link" track-name="Our third decade of climate action: join us" track-metadata-module="utility footer" track-type="footer link" track-metadata-eventDetail="/sustainability/" track-metadata-position="footer" > Our third decade of climate action: join us </a> </li> <li class="devsite-footer-utility-item devsite-footer-utility-button"> <span class="devsite-footer-utility-description">Sign up for the Google Cloud newsletter</span> <a class="devsite-footer-utility-link gc-analytics-event" href="/newsletter/" data-category="Site-Wide Custom Events" data-label="Footer Subscribe link" track-type="footer link" track-metadata-eventDetail="/newsletter/" track-metadata-position="footer" track-name="subscribe" track-metadata-module="utility footer" > Subscribe </a> </li> </ul> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> </nav> </div> </devsite-footer-utility> <devsite-panel></devsite-panel> </section></section> <devsite-sitemask></devsite-sitemask> <devsite-snackbar></devsite-snackbar> <devsite-tooltip ></devsite-tooltip> <devsite-heading-link></devsite-heading-link> <devsite-analytics> <script type="application/json" analytics>[]</script> <script type="application/json" tag-management>{&#34;at&#34;: &#34;True&#34;, &#34;ga4&#34;: [], &#34;ga4p&#34;: [], &#34;gtm&#34;: [{&#34;id&#34;: &#34;GTM-5CVQBG&#34;, &#34;purpose&#34;: 1}], &#34;parameters&#34;: {&#34;internalUser&#34;: &#34;False&#34;, &#34;language&#34;: {&#34;machineTranslated&#34;: &#34;False&#34;, &#34;requested&#34;: &#34;en&#34;, &#34;served&#34;: &#34;en&#34;}, &#34;pageType&#34;: &#34;article&#34;, &#34;projectName&#34;: &#34;Cloud KMS Documentation&#34;, &#34;signedIn&#34;: &#34;False&#34;, &#34;tenant&#34;: &#34;cloud&#34;, &#34;recommendations&#34;: {&#34;sourcePage&#34;: &#34;&#34;, &#34;sourceType&#34;: 0, &#34;sourceRank&#34;: 0, &#34;sourceIdenticalDescriptions&#34;: 0, &#34;sourceTitleWords&#34;: 0, &#34;sourceDescriptionWords&#34;: 0, &#34;experiment&#34;: &#34;&#34;}, &#34;experiment&#34;: {&#34;ids&#34;: &#34;&#34;}}}</script> </devsite-analytics> <devsite-badger></devsite-badger> <cloudx-user></cloudx-user> <cloudx-free-trial-eligible-store freeTrialEligible='true'></cloudx-free-trial-eligible-store> <cloudx-pricing-socket></cloudx-pricing-socket> <cloudx-experiments type="TestAACodivertedExperiment" path="/virtual/TestAACodivertedExperiment/configureExperiment" location="SG" variant="variant2" ></cloudx-experiments> <cloudx-experiment-ids userCountry="SG" devsiteExperimentIdList="[39300012, 39300021, 39300118, 39300196, 39300241, 39300319, 39300320, 39300325, 39300346, 39300354, 39300363, 39300374, 39300412, 39300421, 39300436, 39300473, 39300488, 39300496, 39300498, 39300570]"> </cloudx-experiment-ids> <script nonce="xhTPH+ySMn25Rquvy+RItY3JdtmOH9"> (function(d,e,v,s,i,t,E){d['GoogleDevelopersObject']=i; t=e.createElement(v);t.async=1;t.src=s;E=e.getElementsByTagName(v)[0]; E.parentNode.insertBefore(t,E);})(window, document, 'script', 'https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/js/app_loader.js', '[2,"en",null,"/js/devsite_app_module.js","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud","https://cloud-dot-devsite-v2-prod.appspot.com",null,null,["/_pwa/cloud/manifest.json","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/images/video-placeholder.svg","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/favicon.ico","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg","https://fonts.googleapis.com/css?family=Google+Sans:400,500,700|Google+Sans+Text:400,400italic,500,500italic,700,700italic|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"],1,null,[1,6,8,12,14,17,21,25,50,52,63,70,75,76,80,87,91,92,93,97,98,100,101,102,103,104,105,107,108,109,110,112,113,116,117,118,120,122,124,125,126,127,129,130,131,132,133,134,135,136,138,140,141,147,148,149,151,152,156,157,158,159,161,163,164,168,169,170,179,180,182,183,186,191,193,196],"AIzaSyAP-jjEJBzmIyKR4F-3XITp8yM9T1gEEI8","AIzaSyB6xiKGDR5O3Ak2okS4rLkauxGUG7XP0hg","cloud.google.com","AIzaSyAQk0fBONSGUqCNznf6Krs82Ap1-NV6J4o","AIzaSyCCxcqdrZ_7QMeLCRY20bh_SXdAYqy70KY",null,null,null,["Profiles__require_profile_eligibility_for_signin","Profiles__enable_completecodelab_endpoint","TpcFeatures__enable_unmirrored_page_left_nav","Search__scope_to_project_tenant","Cloud__enable_llm_concierge_chat","Cloud__enable_cloudx_experiment_ids","Profiles__enable_developer_profiles_callout","Cloud__enable_cloud_dlp_service","Search__enable_suggestions_from_borg","MiscFeatureFlags__enable_explain_this_code","Profiles__enable_release_notes_notifications","MiscFeatureFlags__emergency_css","MiscFeatureFlags__enable_view_transitions","TpcFeatures__enable_mirror_tenant_redirects","Profiles__enable_page_saving","Cloud__enable_free_trial_server_call","CloudShell__cloud_code_overflow_menu","Profiles__enable_public_developer_profiles","DevPro__enable_developer_subscriptions","Experiments__reqs_query_experiments","CloudShell__cloud_shell_button","DevPro__enable_cloud_innovators_plus","Profiles__enable_complete_playlist_endpoint","MiscFeatureFlags__enable_project_variables","Concierge__enable_concierge_restricted","Search__enable_ai_search_summaries","Search__enable_ai_eligibility_checks","Profiles__enable_recognition_badges","Search__enable_ai_search_summaries_restricted","Search__enable_dynamic_content_confidential_banner","BookNav__enable_tenant_cache_key","MiscFeatureFlags__developers_footer_dark_image","Profiles__enable_dashboard_curated_recommendations","Cloud__enable_legacy_calculator_redirect","Cloud__enable_cloud_shell","Cloud__enable_cloudx_ping","Cloud__enable_cloud_shell_fte_user_flow","Analytics__enable_clearcut_logging","Profiles__enable_completequiz_endpoint","Cloud__enable_cloud_facet_chat","Profiles__enable_profile_collections","MiscFeatureFlags__enable_variable_operator","Profiles__enable_join_program_group_endpoint","Profiles__enable_stripe_subscription_management","Concierge__enable_pushui","EngEduTelemetry__enable_engedu_telemetry","MiscFeatureFlags__developers_footer_image","Profiles__enable_awarding_url","Search__enable_page_map","MiscFeatureFlags__enable_firebase_utm"],null,null,"AIzaSyBLEMok-5suZ67qRPzx0qUtbnLmyT_kCVE","https://developerscontentserving-pa.clients6.google.com","AIzaSyCM4QpTRSqP5qI4Dvjt4OAScIN8sOUlO-k","https://developerscontentsearch-pa.clients6.google.com",1,4,1,"https://developerprofiles-pa.clients6.google.com",[2,"cloud","Google Cloud","cloud.google.com",null,"cloud-dot-devsite-v2-prod.appspot.com",null,null,[1,1,null,null,null,null,null,null,null,null,null,[1],null,null,null,null,null,1,[1],[null,null,null,[1,20],"/terms/recommendations"],[1],null,[1],[1,null,1],[1,1,null,null,1,null,["/vertex-ai/"]]],null,[22,null,null,null,null,null,"/images/cloud-logo.svg","/images/favicons/onecloud/apple-icon.png",null,null,null,null,1,1,1,[6,5],[],null,null,[[],[],[],[],[],[],[],[]],null,1,null,null,null,null,[]],[],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[6,1,14,15,22,23,29,37],null,[[null,null,null,null,null,null,[1,[["docType","Choose a content type",[["ApiReference",null,null,null,null,null,null,null,null,"API reference"],["Sample",null,null,null,null,null,null,null,null,"Code sample"],["ReferenceArchitecture",null,null,null,null,null,null,null,null,"Reference architecture"],["Tutorial",null,null,null,null,null,null,null,null,"Tutorial"]]],["category","Choose a topic",[["AiAndMachineLearning",null,null,null,null,null,null,null,null,"Artificial intelligence and machine learning (AI/ML)"],["ApplicationDevelopment",null,null,null,null,null,null,null,null,"Application development"],["BigDataAndAnalytics",null,null,null,null,null,null,null,null,"Big data and analytics"],["Compute",null,null,null,null,null,null,null,null,"Compute"],["Containers",null,null,null,null,null,null,null,null,"Containers"],["Databases",null,null,null,null,null,null,null,null,"Databases"],["HybridCloud",null,null,null,null,null,null,null,null,"Hybrid and multicloud"],["LoggingAndMonitoring",null,null,null,null,null,null,null,null,"Logging and monitoring"],["Migrations",null,null,null,null,null,null,null,null,"Migrations"],["Networking",null,null,null,null,null,null,null,null,"Networking"],["SecurityAndCompliance",null,null,null,null,null,null,null,null,"Security and compliance"],["Serverless",null,null,null,null,null,null,null,null,"Serverless"],["Storage",null,null,null,null,null,null,null,null,"Storage"]]]]]],[1],null,1],[[null,null,null,null,null,["GTM-5CVQBG"],null,null,null,null,null,[["GTM-5CVQBG",2]],1],null,null,null,null,null,1],"mwETRvWii0eU5NUYprb0Y9z5GVbc",4,null,null,null,null,null,null,null,null,null,null,null,null,null,"cloud.devsite.google"],null,"pk_live_5170syrHvgGVmSx9sBrnWtA5luvk9BwnVcvIi7HizpwauFG96WedXsuXh790rtij9AmGllqPtMLfhe2RSwD6Pn38V00uBCydV4m",1]') </script> <devsite-a11y-announce></devsite-a11y-announce> </body> </html>