diff --git a/README.md b/README.md
index 7fc0cdd..c69e1b4 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,7 @@ Functional examples are included in the
 | key\_rotation\_period |  | string | `"100000s"` | no |
 | keyring | Keyring name. | string | n/a | yes |
 | keys | Key names. | list(string) | `<list>` | no |
+| labels | Labels, provided as a map | map(string) | `<map>` | no |
 | location | Location for the keyring. | string | n/a | yes |
 | owners | List of comma-separated owners for each key declared in set_owners_for. | list(string) | `<list>` | no |
 | prevent\_destroy | Set the prevent_destroy lifecycle attribute on keys. | string | `"true"` | no |
diff --git a/main.tf b/main.tf
index 467e164..9c0d422 100644
--- a/main.tf
+++ b/main.tf
@@ -38,6 +38,8 @@ resource "google_kms_crypto_key" "key" {
     algorithm        = var.key_algorithm
     protection_level = var.key_protection_level
   }
+
+  labels = var.labels
 }
 
 resource "google_kms_crypto_key" "key_ephemeral" {
@@ -54,6 +56,8 @@ resource "google_kms_crypto_key" "key_ephemeral" {
     algorithm        = var.key_algorithm
     protection_level = var.key_protection_level
   }
+
+  labels = var.labels
 }
 
 resource "google_kms_crypto_key_iam_binding" "owners" {
diff --git a/variables.tf b/variables.tf
index 85aca09..15aa15b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -93,3 +93,9 @@ variable "key_protection_level" {
   description = "The protection level to use when creating a version based on this template. Default value: \"SOFTWARE\" Possible values: [\"SOFTWARE\", \"HSM\"]"
   default     = "SOFTWARE"
 }
+
+variable "labels" {
+  type        = map(string)
+  description = "Labels, provided as a map"
+  default     = {}
+}