- NAME
-
- gcloud kms encrypt - encrypt a plaintext file using a key
- SYNOPSIS
-
-
gcloud kms encrypt
--ciphertext-file
=CIPHERTEXT_FILE
--plaintext-file
=PLAINTEXT_FILE
[--additional-authenticated-data-file
=ADDITIONAL_AUTHENTICATED_DATA_FILE
] [--key
=KEY
] [--keyring
=KEYRING
] [--location
=LOCATION
] [--skip-integrity-verification
] [--version
=VERSION
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
Encrypts the given plaintext file using the given CryptoKey and writes the
result to the named ciphertext file. The plaintext file must not be larger than
64KiB.
If an additional authenticated data file is provided, its contents must also be provided during decryption. The file must not be larger than 64KiB.
The flag
--version
indicates the version of the key to use for encryption. By default, the primary version is used.If
--plaintext-file
or--additional-authenticated-data-file
is set to '-', that file is read from stdin. Similarly, if--ciphertext-file
is set to '-', the ciphertext is written to stdout.By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use
--skip-integrity-verification
to disable integrity verification. - EXAMPLES
-
The following command will read the file 'path/to/plaintext', encrypt it using
the CryptoKey
frodo
with the KeyRingfellowship
and Locationglobal
, and write the ciphertext to 'path/to/ciphertext'.gcloud kms encrypt --key=frodo --keyring=fellowship --location=global --plaintext-file=path/to/input/plaintext --ciphertext-file=path/to/output/ciphertext
- REQUIRED FLAGS
-
--ciphertext-file
=CIPHERTEXT_FILE
- File path of the ciphertext file to output.
--plaintext-file
=PLAINTEXT_FILE
- File path of the plaintext file to encrypt.
- OPTIONAL FLAGS
-
--additional-authenticated-data-file
=ADDITIONAL_AUTHENTICATED_DATA_FILE
- File path to the optional file containing the additional authenticated data.
--key
=KEY
- The key to use for encryption.
--keyring
=KEYRING
- Key ring of the key.
--location
=LOCATION
- Location of the keyring.
--skip-integrity-verification
- Skip integrity verification on request and response API fields.
--version
=VERSION
- Version to use for encryption.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
These variants are also available:
gcloud alpha kms encrypt
gcloud beta kms encrypt
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.