Which is the difference between these google KMS client packages? (CloudKMS vs KeyManagementServiceClient)

Question

I have a java codebase that seems to be using "com.google.api.services.cloudkms.v1.CloudKMS" to call KMS. The online docs says to use "com.google.cloud.kms.v1.KeyManagementServiceClient"

When i looked up both packages seem to be updated, however the reference docs recommend using the latter.

https://developers.google.com/resources/api-libraries/documentation/cloudkms/v1/java/latest/com/google/api/services/cloudkms/v1/CloudKMS.html

https://cloud.google.com/kms/docs/reference/libraries

Could someone tell me what is the difference between these 2 clients packages and if i should move to the one the reference links to?

Answer 1

In general, you should prefer the library referenced on the Reference Libraries page, currently com.google.cloud.kms. The examples and tutorials on the website will use this client library.

Probably more history than you need to know, but we have two client libraries because they run over different protocols. The new libraries (the one's listed on the reference page) use gRPC to communicate. This means less bandwidth and less time spent serializing/de-serializing JSON. On the flip side, gRPC requires HTTP/2, and some organizations can't/won't support HTTP/2 yet. As a result, we still publish and maintain legacy libraries that are REST over HTTP/1. It is strongly recommended you use the gRPC ones unless you can't use HTTP/2.

You can read more about the background and technical details in Kickstart your cryptography with new Cloud KMS client libraries and samples.