googleapis/java-kms

Java idiomatic client for Cloud Key Management Service.

• Product Documentation
• Client Library Documentation

If you are using Maven with BOM, add this to your pom.xml file:

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>libraries-bom</artifactId>
      <version>26.0.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

<dependencies>
  <dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud-kms</artifactId>
  </dependency>
</dependencies>

If you are using Maven without BOM, add this to your dependencies:

<dependency>
  <groupId>com.google.cloud</groupId>
  <artifactId>google-cloud-kms</artifactId>
  <version>2.5.3</version>
</dependency>

If you are using Gradle 5.x or later, add this to your dependencies:

implementation platform('com.google.cloud:libraries-bom:26.0.0')

implementation 'com.google.cloud:google-cloud-kms'

If you are using Gradle without BOM, add this to your dependencies:

implementation 'com.google.cloud:google-cloud-kms:2.6.0'

If you are using SBT, add this to your dependencies:

libraryDependencies += "com.google.cloud" % "google-cloud-kms" % "2.6.0"

See the Authentication section in the base directory's README.

The client application making API calls must be granted authorization scopes required for the desired Cloud Key Management Service APIs, and the authenticated principal must have the IAM role(s) required to access GCP resources using the Cloud Key Management Service API calls.

You will need a Google Cloud Platform Console project with the Cloud Key Management Service API enabled. You will need to enable billing to use Google Cloud Key Management Service. Follow these instructions to get your project set up. You will also need to set up the local development environment by installing the Google Cloud SDK and running the following commands in command line: gcloud auth login and gcloud config set project [YOUR PROJECT ID].

You'll need to obtain the google-cloud-kms library. See the Quickstart section to add google-cloud-kms as a dependency in your code.

Cloud Key Management Service a cloud-hosted key management service that lets you manage cryptographic keys for your cloud services the same way you do on-premises. You can generate, use, rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys. Cloud KMS is integrated with Cloud IAM and Cloud Audit Logging so that you can manage permissions on individual keys and monitor how these are used. Use Cloud KMS to protect secrets and other sensitive data that you need to store in Google Cloud Platform.

See the Cloud Key Management Service client library docs to learn how to use this Cloud Key Management Service Client Library.

Samples are in the samples/ directory.

Sample	Source Code	Try it
Create Key Asymmetric Decrypt	source code
Create Key Asymmetric Sign	source code
Create Key Hsm	source code
Create Key Labels	source code
Create Key Mac	source code
Create Key Ring	source code
Create Key Rotation Schedule	source code
Create Key Symmetric Encrypt Decrypt	source code
Create Key Version	source code
Decrypt Asymmetric	source code
Decrypt Symmetric	source code
Destroy Key Version	source code
Disable Key Version	source code
Enable Key Version	source code
Encrypt Asymmetric	source code
Encrypt Symmetric	source code
Generate Random Bytes	source code
Get Key Labels	source code
Get Key Version Attestation	source code
Get Public Key	source code
Iam Add Member	source code
Iam Get Policy	source code
Iam Remove Member	source code
Quickstart	source code
Restore Key Version	source code
Sign Asymmetric	source code
Sign Mac	source code
Update Key Add Rotation	source code
Update Key Remove Labels	source code
Update Key Remove Rotation	source code
Update Key Set Primary	source code
Update Key Update Labels	source code
Verify Asymmetric Ec	source code
Verify Asymmetric Rsa	source code
Verify Mac	source code

To get help, follow the instructions in the shared Troubleshooting document.

Cloud Key Management Service uses gRPC for the transport layer.

Java 8 or above is required for using this client.

Google's Java client libraries, Google Cloud Client Libraries and Google Cloud API Libraries, follow the Oracle Java SE support roadmap (see the Oracle Java SE Product Releases section).

In general, new feature development occurs with support for the lowest Java LTS version covered by Oracle's Premier Support (which typically lasts 5 years from initial General Availability). If the minimum required JVM for a given library is changed, it is accompanied by a semver major release.

Java 11 and (in September 2021) Java 17 are the best choices for new development.

Google tests its client libraries with all current LTS versions covered by Oracle's Extended Support (which typically lasts 8 years from initial General Availability).

Google's client libraries support legacy versions of Java runtimes with long term stable libraries that don't receive feature updates on a best efforts basis as it may not be possible to backport all es.

Google provides updates on a best efforts basis to apps that continue to use Java 7, though apps might need to upgrade to current versions of the library that supports their JVM.

The latest versions and the supported Java versions are identified on the individual repository .com/GoogleAPIs/java-SERVICENAME and on google-cloud-java.

This library follows Semantic Versioning.

Contributions to this library are always welcome and highly encouraged.

See CONTRIBUTING for more information how to get started.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See Code of Conduct for more information.

Apache 2.0 - See LICENSE for more information.

Java Version	Status
Java 8
Java 8 OSX
Java 8 Windows
Java 11

Java is a registered trademark of Oracle and/or its affiliates.