NAME gcloud kms - manage cryptographic keys in the cloud SYNOPSIS gcloud kms GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION The gcloud kms command group lets you generate, use, rotate and destroy Google Cloud KMS keys. Cloud KMS is a cloud-hosted key management service that lets you manage encryption for your cloud services the same way you do on-premises. You can generate, use, rotate and destroy AES256 encryption keys. Cloud KMS is integrated with IAM and Cloud Audit Logging so that you can manage permissions on individual keys, and monitor how these are used. Use Cloud KMS to protect secrets and other sensitive data which you need to store in Google Cloud Platform. More information on Cloud KMS can be found here: https://cloud.google.com/kms/ and detailed documentation can be found here: https://cloud.google.com/kms/docs/ GCLOUD WIDE FLAGS These flags are available to all commands: --help. Run $ gcloud help for details. GROUPS GROUP is one of the following: ekm-config Update and retrieve the EkmConfig. ekm-connections Create and manage ekm connections. import-jobs Create and manage import jobs. inventory Manages the KMS Inventory and Key Tracking commands. keyrings Create and manage keyrings. keys Create and manage keys. locations View locations available for a project. COMMANDS COMMAND is one of the following: asymmetric-decrypt Decrypt an input file using an asymmetric-encryption key version. asymmetric-sign Sign a user input file using an asymmetric-signing key version. decrypt Decrypt a ciphertext file using a Cloud KMS key. encrypt Encrypt a plaintext file using a key. mac-sign Sign a user input file using a MAC key version. mac-verify Verify a user signature file using a MAC key version. raw-decrypt Decrypt a ciphertext file using a raw key. raw-encrypt Encrypt a plaintext file using a raw key. NOTES These variants are also available: $ gcloud alpha kms $ gcloud beta kms