When you refer to a Cloud Key Management Service resource using the Cloud KMS API or Google Cloud CLI, you use the resource ID. For example, you can use the resource ID of a key ring to grant an Identity and Access Management (IAM) role on that key ring. This topic shows how to get the ID for a key ring, a key, and a key version.
Getting the resource ID for a key ring
Console
-
Go to the Key Managementpage in the Google Cloud console.
-
Click More more_vert for the key ring.
-
Click Copy resource name. The resource ID for the key ring is copied to your clipboard.
gcloud
List all key rings in a location:
gcloud kms keyrings list --location LOCATION
The Namecolumn of the output includes the resource ID for each key ring. For example:
projects/ PROJECT_ID /locations/ LOCATION /keyRings/ KEY_RING
Getting the ID for a key and version
Console
-
Go to the Key Managementpage in the Google Cloud console.
-
Select the key ring that contains the key.
-
For the key whose resource ID you are retrieving, click More more_vert .
-
Click Copy resource name. The resource ID for the key is copied to your clipboard. Its format is similar to the following:
projects/ PROJECT_ID /locations/ LOCATION /keyRings/ KEY_RING /cryptoKeys/ KEY_NAME
-
A key contains zero or more key versions. The resource ID for a key version is the key ID, plus a slash (
/
), plus the version ID. To list all versions for a key, click the key's name. Click the Moreicon for the version, and click Copy resource name.
gcloud
List all keys on a given key ring:
gcloud kms keys list --keyring KEY_RING --location LOCATION
The Namecolumn of the output includes the resource ID for each key. For example:
projects/ PROJECT_ID /locations/ LOCATION /keyRings/ KEY_RING /cryptoKeys/ KEY_NAME
A key has zero or more key versions. The resource ID for a key version is
the key ID, plus a slash ( /
), plus the version ID. To list all versions
for a key:
gcloud kms keys versions list --location LOCATION --keyring KEY_RING --key KEY_NAME
The Namecolumn of the output includes the resource ID for each key version. For example:
projects/ PROJECT_ID /locations/ LOCATION /keyRings/ KEY_RING /cryptoKeys/ KEY_NAME /2
What's next
- Learn more about permissions and roles in Cloud KMS.
- Manage access to Cloud KMS resources .
- Rotate a key .