Cloud Key Management Service (KMS) C++ Client Library
An idiomatic C++ client library for Cloud Key Management Service (KMS), a service that manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
While this library is GA, please note Google Cloud C++ client libraries do not follow Semantic Versioning.
Quickstart
The following shows the code that you'll run in the google/cloud/kms/quickstart/ directory, which should give you a taste of the KMS C++ client library API.
This library offers multiple *Client classes, which are listed below. Each one of these classes exposes all the RPCs for a gRPC service as member functions of the class. This library groups multiple gRPC services because they are part of the same product or are often used together. A typical example may be the administrative and data plane operations for a single product.
The library also has other classes that provide helpers, configuration parameters, and infrastructure to mock the *Client classes when testing your application.
The library automatically retries requests that fail with transient errors, and uses exponential backoff to backoff between retries. Application developers can override the default policies.
More Information
Error Handling - describes how the library reports errors.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThis webpage provides documentation for the Cloud Key Management Service (KMS) C++ Client Library, which facilitates managing keys and performing cryptographic operations within Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThe library is currently in General Availability (GA) but does not adhere to Semantic Versioning, and has an available quickstart to demonstrate the libraries API.\u003c/p\u003e\n"],["\u003cp\u003eThe documentation lists various versions of the library, from version 2.10.1 up to the latest release candidate 2.37.0-rc, alongside the latest stable release of 2.36.0.\u003c/p\u003e\n"],["\u003cp\u003eThe library offers multiple client classes like \u003ccode\u003eKeyDashboardServiceClient\u003c/code\u003e, \u003ccode\u003eKeyTrackingServiceClient\u003c/code\u003e, \u003ccode\u003eEkmServiceClient\u003c/code\u003e, and \u003ccode\u003eKeyManagementServiceClient\u003c/code\u003e, and it also offers details on the retry, backoff, and idempotency policy.\u003c/p\u003e\n"],["\u003cp\u003eThe library offers multiple links to more information, such as Error Handling, overriding the Default Endpoint, overriding the Authentication Credentials and Environment variables.\u003c/p\u003e\n"]]],[],null,["Version 2.12.0keyboard_arrow_down\n\n- [2.42.0-rc (latest)](/cpp/docs/reference/kms/latest)\n- [2.41.0](/cpp/docs/reference/kms/2.41.0)\n- [2.40.0](/cpp/docs/reference/kms/2.40.0)\n- [2.39.0](/cpp/docs/reference/kms/2.39.0)\n- [2.38.0](/cpp/docs/reference/kms/2.38.0)\n- [2.37.0](/cpp/docs/reference/kms/2.37.0)\n- [2.36.0](/cpp/docs/reference/kms/2.36.0)\n- [2.35.0](/cpp/docs/reference/kms/2.35.0)\n- [2.34.0](/cpp/docs/reference/kms/2.34.0)\n- [2.33.0](/cpp/docs/reference/kms/2.33.0)\n- [2.32.0](/cpp/docs/reference/kms/2.32.0)\n- [2.31.0](/cpp/docs/reference/kms/2.31.0)\n- [2.30.0](/cpp/docs/reference/kms/2.30.0)\n- [2.29.0](/cpp/docs/reference/kms/2.29.0)\n- [2.28.0](/cpp/docs/reference/kms/2.28.0)\n- [2.27.0](/cpp/docs/reference/kms/2.27.0)\n- [2.26.0](/cpp/docs/reference/kms/2.26.0)\n- [2.25.1](/cpp/docs/reference/kms/2.25.1)\n- [2.24.0](/cpp/docs/reference/kms/2.24.0)\n- [2.23.0](/cpp/docs/reference/kms/2.23.0)\n- [2.22.1](/cpp/docs/reference/kms/2.22.1)\n- [2.21.0](/cpp/docs/reference/kms/2.21.0)\n- [2.20.0](/cpp/docs/reference/kms/2.20.0)\n- [2.19.0](/cpp/docs/reference/kms/2.19.0)\n- [2.18.0](/cpp/docs/reference/kms/2.18.0)\n- [2.17.0](/cpp/docs/reference/kms/2.17.0)\n- [2.16.0](/cpp/docs/reference/kms/2.16.0)\n- [2.15.1](/cpp/docs/reference/kms/2.15.1)\n- [2.14.0](/cpp/docs/reference/kms/2.14.0)\n- [2.13.0](/cpp/docs/reference/kms/2.13.0)\n- [2.12.0](/cpp/docs/reference/kms/2.12.0)\n- [2.11.0](/cpp/docs/reference/kms/2.11.0)\n- [2.10.1](/cpp/docs/reference/kms/2.10.1) \n\nCloud Key Management Service (KMS) C++ Client Library\n=====================================================\n\nAn idiomatic C++ client library for [Cloud Key Management Service (KMS)](https://cloud.google.com/kms/), a service that manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.\n\nWhile this library is **GA** , please note Google Cloud C++ client libraries do **not** follow [Semantic Versioning](https://semver.org/).\n\n### Quickstart\n\nThe following shows the code that you'll run in the `google/cloud/kms/quickstart/` directory, which should give you a taste of the KMS C++ client library API. \n\n #include \"google/cloud/kms/v1/key_management_client.h\"\n #include \"google/cloud/project.h\"\n #include \u003ciostream\u003e\n\n int main(int argc, char* argv[]) try {\n if (argc != 3) {\n std::cerr \u003c\u003c \"Usage: \" \u003c\u003c argv[0] \u003c\u003c \" project-id location-id\\n\";\n return 1;\n }\n\n namespace kms = ::google::cloud::kms_v1;\n auto client = kms::KeyManagementServiceClient(\n kms::MakeKeyManagementServiceConnection());\n\n auto const parent =\n std::string{\"projects/\"} + argv[1] + \"/locations/\" + argv[2];\n for (auto r : client.ListKeyRings(parent)) {\n if (!r) throw std::move(r).status();\n std::cout \u003c\u003c r-\u003eDebugString() \u003c\u003c \"\\n\";\n }\n\n return 0;\n } catch (google::cloud::Status const& status) {\n std::cerr \u003c\u003c \"google::cloud::Status thrown: \" \u003c\u003c status \u003c\u003c \"\\n\";\n return 1;\n }\n\n### Main classes\n\nThis library offers multiple `*Client` classes, which are listed below. Each one of these classes exposes all the RPCs for a gRPC `service` as member functions of the class. This library groups multiple gRPC services because they are part of the same product or are often used together. A typical example may be the administrative and data plane operations for a single product.\n\nThe library also has other classes that provide helpers, configuration parameters, and infrastructure to mock the `*Client` classes when testing your application.\n\n- [`kms_inventory_v1::KeyDashboardServiceClient`](/cpp/docs/reference/kms/2.12.0/classgoogle_1_1cloud_1_1kms__inventory__v1_1_1KeyDashboardServiceClient)\n- [`kms_inventory_v1::KeyTrackingServiceClient`](/cpp/docs/reference/kms/2.12.0/classgoogle_1_1cloud_1_1kms__inventory__v1_1_1KeyTrackingServiceClient)\n- [`kms_v1::EkmServiceClient`](/cpp/docs/reference/kms/2.12.0/classgoogle_1_1cloud_1_1kms__v1_1_1EkmServiceClient)\n- [`kms_v1::KeyManagementServiceClient`](/cpp/docs/reference/kms/2.12.0/classgoogle_1_1cloud_1_1kms__v1_1_1KeyManagementServiceClient)\n\n### Retry, Backoff, and Idempotency Policies.\n\nThe library automatically retries requests that fail with transient errors, and uses [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff) to backoff between retries. Application developers can override the default policies.\n\n### More Information\n\n- [Error Handling](https://cloud.google.com/cpp/docs/reference/common/latest/common-error-handling.html) - describes how the library reports errors.\n- [How to Override the Default Endpoint](/cpp/docs/reference/kms/2.12.0/kms-override-endpoint) - describes how to override the default endpoint.\n- [How to Override the Authentication Credentials](/cpp/docs/reference/kms/2.12.0/kms-override-authentication) - describes how to change the authentication credentials used by the library.\n- [Environment Variables](/cpp/docs/reference/kms/2.12.0/kms-env) - describes environment variables that can configure the behavior of the library."]]
