hmac - CRUD operations on service account HMAC keys.

hmac - CRUD operations on service account HMAC keys.

Synopsis

gsutil hmac create [-p project] service_account_email
gsutil hmac delete [-p project] access_id
gsutil hmac get [-p project] access_id
gsutil hmac list [-a] [-l] [-p project] [-u service_account_email]
gsutil hmac update -s <ACTIVE|INACTIVE> [-e etag] [-p project] access_id

Description

The hmac command is used to interact with service account HMAC keys.

The hmac command has five sub-commands:

Create

The hmac create command creates an HMAC key for the specified service account:

gsutil hmac create test.service.account@test_project.iam.gserviceaccount.com

The secret key material is only available upon creation, so be sure to store the returned secret along with the access_id.

Create Options

The "create" sub-command has the following option

-p <project_id>
 Specify a project in which to create a key.

Delete

The hmac delete command permanently deletes the specified HMAC key:

gsutil hmac delete GOOG56JBMFZX6PMPTQ62VD2

Note that keys must be updated to be in the INACTIVE state before they can be deleted.

Delete Options

The "delete" sub-command has the following option

-p <project_id>
 Specify a project from which to delete a key.

Get

The hmac get command retrieves the specified HMAC key's metadata:

gsutil hmac get GOOG56JBMFZX6PMPTQ62VD2

Note that there is no option to retrieve a key's secret material after it has been created.

Get Options

The "get" sub-command has the following option

-p <project_id>
 Specify a project from which to get a key.

List

The hmac list command lists the HMAC key metadata for keys in the specified project. If no project is specified in the command, the default project is used.

List Options

The "list" sub-command has the following options

-a Show all keys, including recently deleted keys.
-l Use long listing format. Shows each key's full metadata excluding the secret.
-p <project_id>
 Specify a project from which to list keys.
-u <service_account_email>
 Filter keys for a single service account.

Update

The hmac update command sets the state of the specified key:

gsutil hmac update -s INACTIVE -e M42da= GOOG56JBMFZX6PMPTQ62VD2

Valid state arguments are ACTIVE and INACTIVE. To set a key to state DELETED use the "hmac delete" command on an INACTIVE key. If an etag is set in the command, it will only succeed if the provided etag matches the etag of the stored key.

Update Options

The "update" sub-command has the following options

-s <ACTIVE|INACTIVE>
 Sets the state of the specified key to either ACTIVE or INACTIVE.
-e <etag> If provided, the update will only be performed if the specified etag matches the etag of the stored key.
-p <project_id>
 Specify a project in which to update a key.
Оцените, насколько информация на этой странице была вам полезна:

Оставить отзыв о...

Текущей странице
Cloud Storage
Нужна помощь? Обратитесь в службу поддержки.