Kickstart your cryptography with new Cloud KMS client libraries and samples

Cloud Key Management Service (KMS) is a fast, scalable, and automated cryptographic key management service that provides symmetric and asymmetric support for encryption and signing. It also provides fully automated and at-will key rotation, rich auditing and logging functionality, and deep integrations with Cloud Identity and Access Management (IAM), all backed by global high availability.

Today we are pleased to announce our new client libraries and code samples for Cloud KMS. These new client libraries are available today and support full Cloud KMS API coverage in seven programming languages:  C#, Go, Java, Node, PHP, Python, and Ruby.

In addition to the new client libraries, we are also releasing a revamped collection of code samples for interacting with Cloud KMS. These code samples showcase common Cloud KMS functionality using the official client library and the idiomatic patterns of the language, making it easy to start integrating Cloud KMS into applications and services.

What’s new?

The new Cloud KMS client libraries offer new features and functionality including:

  • gRPC for communicationgRPC is an open source Cloud Native Computing Foundation (CNCF) project that largely follows traditional HTTP semantics, but allows for full-duplex streaming and is used at companies like Square, Netflix, Docker, and Google. By switching to gRPC over HTTP/2, the new client libraries provide lower latency and higher scalability.
  • Language-idiomatic – Partnering with Google’s internal language experts and external community members, we designed the new libraries follow the idiomatic patterns of their respective languages. The new libraries will feel more welcoming and natural to users.
  • API parity – By leveraging code generation, the new client libraries offer more API parity for available Cloud KMS functions, fields, and parameters. As we add new fields or methods to the Cloud KMS API, these new client libraries are automatically regenerated with support for that functionality. This means you will be able to programatically adopt new features and functionality faster.

Getting started

To get started, install an official client library using your language’s preferred dependency management software. For example in the Go programming language:

Then import the client library and call the functions as needed. Here is an example that encrypts the plaintext string “my secret” using a Cloud KMS key in the Go programming language:

For more information about installation, usage, samples, or authentication, please see the Cloud KMS client libraries documentation.

Choosing between new and existing Cloud KMS client libraries

We encourage you to adopt the new libraries as they are faster, more consistent, and more performant than their predecessors. At the same time, there are use cases where the new libraries are not a viable replacement, such as regulated environments that don’t permit HTTP/2. This is one of many reasons why we are not deprecating the old client libraries, and will continue to support them. We want you to be successful when using our Cloud KMS client libraries, regardless of which one you choose.

We realize the decision to have two client libraries providing similar functionality may be confusing, but we feel this approach is less disruptive than removing an existing client library from an ecosystem. To aid in the transition, we have already updated the documentation and samples on cloud.google.com to reference the new libraries, and we will be marking the old libraries as “not recommended” and discourage their use in new projects.

Toward a great, secure developer experience

The Cloud KMS client libraries enable organizations to focus on building better and more secure applications by offloading key management to Cloud KMS while retaining full transparency and access over keys. These new libraries provide complete coverage of the Cloud KMS APIs and consistency across languages for polyglot organizations. We are excited to see how these new client libraries enable organizations to build great integrations on GCP. Be sure to follow us on Twitter to leave feedback and ask any questions.