diff --git a/generated.go b/generated.go
index a9f6694..b9448a2 100644
--- a/generated.go
+++ b/generated.go
@@ -29,6 +29,10 @@ const (
 	pairDefaultStoragePairs = "gcs_default_storage_pairs"
 	// EncryptionKey is the customer's 32-byte AES-256 key
 	pairEncryptionKey = "gcs_encryption_key"
+	// KmsKeyName is the Cloud KMS key resource. For example, `projects/my-pet-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key`.
+	//
+	// Refer to https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key for more details.
+	pairKmsKeyName = "gcs_kms_key_name"
 	// ProjectID
 	pairProjectID = "gcs_project_id"
 	// StorageClass
@@ -89,6 +93,17 @@ func WithEncryptionKey(v []byte) Pair {
 	}
 }
 
+// WithKmsKeyName will apply kms_key_name value to Options
+// KmsKeyName is the Cloud KMS key resource. For example, `projects/my-pet-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key`.
+//
+// Refer to https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key for more details.
+func WithKmsKeyName(v string) Pair {
+	return Pair{
+		Key:   pairKmsKeyName,
+		Value: v,
+	}
+}
+
 // WithProjectID will apply project_id value to Options
 // ProjectID
 func WithProjectID(v string) Pair {
@@ -703,6 +718,8 @@ type pairStorageWrite struct {
 	EncryptionKey    []byte
 	HasIoCallback    bool
 	IoCallback       func([]byte)
+	HasKmsKeyName    bool
+	KmsKeyName       string
 	HasStorageClass  bool
 	StorageClass     string
 	// Generated pairs
@@ -730,6 +747,9 @@ func (s *Storage) parsePairStorageWrite(opts []Pair) (pairStorageWrite, error) {
 		case "io_callback":
 			result.HasIoCallback = true
 			result.IoCallback = v.Value.(func([]byte))
+		case pairKmsKeyName:
+			result.HasKmsKeyName = true
+			result.KmsKeyName = v.Value.(string)
 		case pairStorageClass:
 			result.HasStorageClass = true
 			result.StorageClass = v.Value.(string)
diff --git a/service.toml b/service.toml
index fefe8c6..60f4207 100644
--- a/service.toml
+++ b/service.toml
@@ -15,12 +15,16 @@ optional = ["list_mode"]
 optional = ["offset", "io_callback", "size", "encryption_key"]
 
 [namespace.storage.op.write]
-optional = ["content_md5", "content_type", "io_callback", "storage_class", "encryption_key"]
+optional = ["content_md5", "content_type", "io_callback", "storage_class", "encryption_key", "kms_key_name"]
 
 [pairs.encryption_key]
 type = "byte_array"
 description = "is the customer's 32-byte AES-256 key"
 
+[pairs.kms_key_name]
+type = "string"
+description = "is the Cloud KMS key resource. For example, `projects/my-pet-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key`.\n\nRefer to https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key for more details."
+
 [pairs.default_service_pairs]
 type = "DefaultServicePairs"
 description = "set default pairs for service actions"
diff --git a/storage.go b/storage.go
index d68f5e3..f80db9d 100644
--- a/storage.go
+++ b/storage.go
@@ -193,6 +193,9 @@ func (s *Storage) write(ctx context.Context, path string, r io.Reader, size int6
 	if opt.HasStorageClass {
 		w.StorageClass = opt.StorageClass
 	}
+	if opt.HasKmsKeyName {
+		w.KMSKeyName = opt.KmsKeyName
+	}
 	if opt.HasIoCallback {
 		r = iowrap.CallbackReader(r, opt.IoCallback)
 	}