Service APIs Overview

Cloud Key Management Service has both traditional REST/HTTP and gRPC interfaces. If you don't want to use our client libraries to access the Cloud Key Management Service API, you have the option of writing your own client libraries that use its REST/HTTP or gRPC API surface. We recommend this approach only if your programming language or other needs are not met by the provided client libraries.


You can generate your own gRPC client libraries in any gRPC-supported language for the Cloud Key Management Service API from its .proto service definition using these resources:


There are a number of options for interacting with a service's REST interface. To create your own clients, use the following resources:

Service Endpoints

Cloud KMS has global and regional service endpoints. The global REST/HTTP endpoint is and the global gRPC endpoint is The global endpoint routes requests to a regional service in the location specified by the resource name.

The regional REST/HTTP endpoints are http://<region> and the regional gRPC endpoints are <region>, substituting <region> for any of the supported regional, dual-regional, or multi-regional Cloud KMS locations. These endpoints are isolated by location, meaning each endpoint routes requests to a regional service in the location specified by the endpoint name. If the location specified by the resource name doesn't match the location specified by the endpoint, the request will fail.