HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/394/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/394/help/man/man1/gcloud_kms.1
.TH "GCLOUD_KMS" 1



.SH "NAME"
.HP
gcloud kms \- manage cryptographic keys in the cloud



.SH "SYNOPSIS"
.HP
\f5gcloud kms\fR \fIGROUP\fR | \fICOMMAND\fR [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

The gcloud kms command group lets you generate, use, rotate and destroy Google
Cloud KMS keys.

Cloud KMS is a cloud\-hosted key management service that lets you manage
encryption for your cloud services the same way you do on\-premises. You can
generate, use, rotate and destroy AES256 encryption keys. Cloud KMS is
integrated with IAM and Cloud Audit Logging so that you can manage permissions
on individual keys, and monitor how these are used. Use Cloud KMS to protect
secrets and other sensitive data which you need to store in Google Cloud
Platform.

More information on Cloud KMS can be found here: https://cloud.google.com/kms/
and detailed documentation can be found here: https://cloud.google.com/kms/docs/



.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-help.

Run \fB$ gcloud help\fR for details.



.SH "GROUPS"

\f5\fIGROUP\fR\fR is one of the following:

.RS 2m
.TP 2m
\fBautokey\-config\fR

Update and retrieve the AutokeyConfig.

.TP 2m
\fBekm\-config\fR

Update and retrieve the EkmConfig.

.TP 2m
\fBekm\-connections\fR

Create and manage ekm connections.

.TP 2m
\fBimport\-jobs\fR

Create and manage import jobs.

.TP 2m
\fBinventory\fR

Manages the KMS Inventory and Key Tracking commands.

.TP 2m
\fBkey\-handles\fR

Create and manage KeyHandle resources.

.TP 2m
\fBkeyrings\fR

Create and manage keyrings.

.TP 2m
\fBkeys\fR

Create and manage keys.

.TP 2m
\fBlocations\fR

View locations available for a project.


.RE
.sp

.SH "COMMANDS"

\f5\fICOMMAND\fR\fR is one of the following:

.RS 2m
.TP 2m
\fBasymmetric\-decrypt\fR

Decrypt an input file using an asymmetric\-encryption key version.

.TP 2m
\fBasymmetric\-sign\fR

Sign a user input file using an asymmetric\-signing key version.

.TP 2m
\fBdecapsulate\fR

Decapsulate an input file using a key\-encapsulation key version.

.TP 2m
\fBdecrypt\fR

Decrypt a ciphertext file using a Cloud KMS key.

.TP 2m
\fBencrypt\fR

Encrypt a plaintext file using a key.

.TP 2m
\fBmac\-sign\fR

Sign a user input file using a MAC key version.

.TP 2m
\fBmac\-verify\fR

Verify a user signature file using a MAC key version.

.TP 2m
\fBraw\-decrypt\fR

Decrypt a ciphertext file using a raw key.

.TP 2m
\fBraw\-encrypt\fR

Encrypt a plaintext file using a raw key.


.RE
.sp

.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha kms
.RE

.RS 2m
$ gcloud beta kms
.RE
@ Telegram