gcloud alpha kms inventory search-protected-resources

NAME
gcloud alpha kms inventory search-protected-resources - searches the resources protected by a key
SYNOPSIS
gcloud alpha kms inventory search-protected-resources --scope=ORGANIZATION_ID (--keyname=KEYNAME : --keyring=KEYRING --location=LOCATION) [--resource-types=[RESOURCE_TYPES,…]] [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,…]] [--uri] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) gcloud alpha kms inventory search-protected-resources returns a list of the resources a key is protecting within the specified organization.
EXAMPLES
To view the protected resources for the key puppy and organization number 1234 run:
gcloud alpha kms inventory search-protected-resources --keyname=puppy --scope=1234
REQUIRED FLAGS
--scope=ORGANIZATION_ID
Organization ID.
Key resource - The KMS key resource. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument --keyname on the command line with a fully specified name;
  • set the property core/project.

This must be specified.

--keyname=KEYNAME
ID of the key or fully qualified identifier for the key.

To set the key attribute:

  • provide the argument --keyname on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--keyring=KEYRING
The KMS keyring of the key.

To set the keyring attribute:

  • provide the argument --keyname on the command line with a fully specified name;
  • provide the argument --keyring on the command line.
--location=LOCATION
The Google Cloud location for the key.

To set the location attribute:

  • provide the argument --keyname on the command line with a fully specified name;
  • provide the argument --location on the command line.
FLAGS
--resource-types=[RESOURCE_TYPES,…]
A list of resource types that this request searches for. If empty, it will search all the trackable resource types.

Regular expressions are also supported. For example:

  • compute.googleapis.com.* snapshots resources whose type starts with compute.googleapis.com.
  • .*Image snapshots resources whose type ends with Image.
  • .*Image.* snapshots resources whose type contains Image.

See RE2 for all supported regular expression syntax. If the regular expression does not match any supported resource type, an INVALID_ARGUMENT error will be returned.

LIST COMMAND FLAGS
--filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed. If the expression evaluates True, then that item is listed. For more details and examples of filter expressions, run $ gcloud topic filters. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
--limit=LIMIT
Maximum number of resources to list. The default is unlimited. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
--page-size=PAGE_SIZE
Some services group resource list output into pages. This flag specifies the maximum number of resources per page. The default is determined by the service if it supports paging, otherwise it is unlimited (no paging). Paging may be applied before or after --filter and --limit depending on the service.
--sort-by=[FIELD,…]
Comma-separated list of resource field key names to sort by. The default order is ascending. Prefix a field with ``~´´ for descending order on that field. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
--uri
Print a list of resource URIs instead of the default output, and change the command output to a list of URIs. If this flag is used with --format, the formatting is applied on this URI list. To display URIs alongside other keys instead, use the uri() transform.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud kms inventory search-protected-resources
gcloud beta kms inventory search-protected-resources