- NAME
-
- gcloud alpha kms ekm-connections create - create a new ekm connection
- SYNOPSIS
-
-
gcloud alpha kms ekm-connections create
(EKM_CONNECTION
:--location
=LOCATION
)--hostname
=HOSTNAME
--server-certificates-files
=[SERVER_CERTIFICATES
,…]--service-directory-service
=SERVICE_DIRECTORY_SERVICE
[--endpoint-filter
=ENDPOINT_FILTER
] [--crypto-space-path
=CRYPTO_SPACE_PATH
--key-management-mode
=KEY_MANAGEMENT_MODE
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
Creates a new connection within the given location. - EXAMPLES
-
The following command creates an ekm connection named
laplace
within the locationus-central1
:gcloud alpha kms ekm-connections create laplace --location=us-central1 --service-directory-service="foo" --endpoint-filter="foo > bar" --hostname="hostname.foo" --server-certificates-files=foo.pem,bar.pem
The following command creates an ekm connection named
laplace
within the locationus-central1
incloud-kms
key management mode with the required crypto-space-path :gcloud alpha kms ekm-connections create laplace --location=us-central1 --service-directory-service="foo" --endpoint-filter="foo > bar" --hostname="hostname.foo" --key-management-mode=cloud-kms --crypto-space-path="foo" --server-certificates-files=foo.pem,bar.pem
- POSITIONAL ARGUMENTS
-
-
Ekmconnection resource - The KMS ekm connection resource. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
To set the
project
attribute:-
provide the argument
ekm_connection
on the command line with a fully specified name; -
set the property
core/project
.
This must be specified.
EKM_CONNECTION
-
ID of the ekmconnection or fully qualified identifier for the ekmconnection.
To set the
ekmconnection
attribute:-
provide the argument
ekm_connection
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
The Google Cloud location for the ekmconnection.
To set the
location
attribute:-
provide the argument
ekm_connection
on the command line with a fully specified name; -
provide the argument
--location
on the command line.
-
provide the argument
-
provide the argument
-
Ekmconnection resource - The KMS ekm connection resource. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
- REQUIRED FLAGS
-
--hostname
=HOSTNAME
- The hostname of the EKM replica used at TLS and HTTP layers.
--server-certificates-files
=[SERVER_CERTIFICATES
,…]- A list of filenames of leaf server certificates used to authenticate HTTPS connections to the EKM replica in PEM format. If files are not in PEM, the assumed format will be DER.
--service-directory-service
=SERVICE_DIRECTORY_SERVICE
- The resource name of the Service Directory service pointing to an EKM replica.
- OPTIONAL FLAGS
-
--endpoint-filter
=ENDPOINT_FILTER
- The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered.
-
Specifies the key management mode for the EkmConnection and associated fields.
--crypto-space-path
=CRYPTO_SPACE_PATH
-
Crypto space path for the EkmConnection. Required during EkmConnection creation
if
--key-management-mode=cloud-kms
. --key-management-mode
=KEY_MANAGEMENT_MODE
-
Key management mode of the ekm connection. An EkmConnection in
cloud-kms
mode means Cloud KMS will attempt to create and manage the key material that resides on the EKM for crypto keys created with this EkmConnection. An EkmConnection inmanual
mode means the external key material will not be managed by Cloud KMS. Omitting the flag defaults tomanual
.KEY_MANAGEMENT_MODE
must be one of:manual
,cloud-kms
.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud kms ekm-connections create
gcloud beta kms ekm-connections create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.