- NAME
-
- gcloud secrets replication update - update a secret replica's metadata
- SYNOPSIS
-
-
gcloud secrets replication update
SECRET
[--remove-cmek
|--location
=REPLICA-LOCATION
--set-kms-key
=SET-KMS-KEY
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
Update a secret replica's metadata (e.g. cmek policy). This command will return
an error if given a secret that does not exist or if given a location that the
given secret doesn't exist in.
The --remove-kms-key flag is only valid for Secrets that have an automatic replication policy or exist in a single location. To remove keys from a Secret with multiple user managed replicas, please use the set-replication command.
- EXAMPLES
-
To remove CMEK from a secret called 'my-secret', run:
gcloud secrets replication update my-secret --remove-cmek
To set the CMEK key on an automatic secret called my-secret to a specified KMS key, run:
$gcloud secrets replication update my-secret --set-kms-key=projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key
To set the CMEK key on a secret called my-secret to a specified KMS key in a specified location in its replication, run:
$gcloud secrets replication update my-secret --set-kms-key=projects/my-project/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key --location=us-central1
- POSITIONAL ARGUMENTS
-
-
Secret resource - The secret to update. This represents a Cloud resource. (NOTE)
Some attributes are not given arguments in this group but can be set in other
ways.
To set the
project
attribute:-
provide the argument
SECRET
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
This must be specified.
SECRET
-
ID of the secret or fully qualified identifier for the secret.
To set the
secret
attribute:-
provide the argument
SECRET
on the command line.
-
provide the argument
-
provide the argument
-
Secret resource - The secret to update. This represents a Cloud resource. (NOTE)
Some attributes are not given arguments in this group but can be set in other
ways.
- FLAGS
-
-
Replication update.
At most one of these can be specified:
--remove-cmek
- Remove customer managed encryption key so that future versions will be encrypted by a Google managed encryption key.
-
CMEK Update.
--location
=REPLICA-LOCATION
- Location of replica to update. For secrets with automatic replication policies, this can be omitted.
--set-kms-key
=SET-KMS-KEY
- New KMS key with which to encrypt and decrypt future secret versions.
-
Replication update.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This variant is also available:
gcloud beta secrets replication update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.