NAME
    gcloud kms keys versions import - import a version into an existing crypto
        key

SYNOPSIS
    gcloud kms keys versions import --algorithm=ALGORITHM
        --import-job=IMPORT_JOB [--key=KEY] [--keyring=KEYRING]
        [--location=LOCATION] [--public-key-file=PUBLIC_KEY_FILE]
        [--target-key-file=TARGET_KEY_FILE] [--version=VERSION]
        [--wrapped-key-file=WRAPPED_KEY_FILE] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Imports wrapped key material into a new version within an existing crypto
    key following the import procedure documented at
    https://cloud.google.com/kms/docs/importing-a-key.

EXAMPLES
    The following command will read the files 'path/to/ephemeral/key' and
    'path/to/target/key' and use them to create a new version with algorithm
    'google-symmetric-encryption' within the 'frodo' crypto key, 'fellowship'
    keyring, and 'us-central1' location using import job 'strider' to unwrap
    the provided key material.

        $ gcloud kms keys versions import --location=global \
            --keyring=fellowship --key=frodo --import-job=strider \
            --wrapped-key-file=path/to/target/key \
            --algorithm=google-symmetric-encryption

REQUIRED FLAGS
     --algorithm=ALGORITHM
        The algorithm to assign to the new key version. For more information
        about supported algorithms, see
        https://cloud.google.com/kms/docs/algorithms. ALGORITHM must be one of:
        aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr,
        aes-256-gcm, ec-sign-ed25519, ec-sign-p256-sha256, ec-sign-p384-sha384,
        ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1,
        hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, kem-xwing,
        ml-kem-1024, ml-kem-768, pq-sign-hash-slh-dsa-sha2-128s-sha256,
        pq-sign-ml-dsa-44, pq-sign-ml-dsa-44-external-mu, pq-sign-ml-dsa-65,
        pq-sign-ml-dsa-65-external-mu, pq-sign-ml-dsa-87,
        pq-sign-ml-dsa-87-external-mu, pq-sign-slh-dsa-sha2-128s,
        rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256,
        rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256,
        rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256,
        rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256,
        rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256,
        rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256,
        rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256,
        rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048,
        rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096.

     --import-job=IMPORT_JOB
        Name of the import job to import from.

OPTIONAL FLAGS
     --key=KEY
        The containing key to import into.

     --keyring=KEYRING
        Key ring of the key.

     --location=LOCATION
        Location of the keyring.

     --public-key-file=PUBLIC_KEY_FILE
        Path to the public key of the ImportJob, used to wrap the key for
        import. If missing, the public key will be fetched on your behalf.

     --target-key-file=TARGET_KEY_FILE
        Path to the unwrapped target key to import into a Cloud KMS key
        version. If specified, the key will be securely wrapped before
        transmission to Google.

     --version=VERSION
        Version to re-import into. Omit this field for first-time import.

     --wrapped-key-file=WRAPPED_KEY_FILE
        Path to the RSA/RSA+AES wrapped key file to import.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    These variants are also available:

        $ gcloud alpha kms keys versions import

        $ gcloud beta kms keys versions import

