This page documents production updates to Cloud Key Management Service. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
Current version: v1
You can see the latest product updates for all of Trusted Cloud by S3NS on the Trusted Cloud page, browse and filter all release notes in the Trusted Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
February 21, 2025
Cloud KMS now supports the following post-quantum computing (PQC) algorithms for digital signatures in Public Preview:
PQ_SIGN_ML_DSA_65: Module-lattice-based digital signature algorithmPQ_SIGN_SLH_DSA_SHA2_128S: Stateless hash-based digital signature algorithm
To Retrieve a public key for a PQC key, you must use the gcloud CLI or the Cloud KMS REST API.
- For the
gcloudCLI, use the--public-key-format nist-pqcflag. - For the REST API, use the
public_key_format=NIST_PQCheader parameter.
For more information about PQC algorithms, see PQC signing algorithms. For more information about PQC digital signatures, see Post-quantum cryptography (PQC) digital signature.
October 18, 2024
You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud KMS resources. For more information, see Create custom organization policy constraints for Cloud KMS.