NAME
    gcloud privateca pools create - create a new CA Pool

SYNOPSIS
    gcloud privateca pools create (CA_POOL : --location=LOCATION)
        [--encryption-key=ENCRYPTION_KEY] [--issuance-policy=ISSUANCE_POLICY]
        [--labels=[KEY=VALUE,...]] [--no-publish-ca-cert] [--no-publish-crl]
        [--publishing-encoding-format=PUBLISHING_ENCODING_FORMAT;
          default="pem"] [--tier=TIER; default="enterprise"]
        [GCLOUD_WIDE_FLAG ...]

EXAMPLES
    To create a CA pool in the dev ops tier:

        $ gcloud privateca pools create my-pool --location=us-west1 \
          --tier=devops

    To create a CA pool and restrict what it can issue:

        $ gcloud privateca pools create my-pool --location=us-west1 \
          --issuance-policy=policy.yaml

    To create a CA pool that doesn't publicly publish CA certificates and CRLs:

        $ gcloud privateca pools create my-pool --location=us-west1 \
          --issuance-policy=policy.yaml --no-publish-ca-cert \
          --no-publish-crl

POSITIONAL ARGUMENTS
     CA POOL resource - The ca pool to create. The arguments in this group can
     be used to specify the attributes of this resource. (NOTE) Some attributes
     are not given arguments in this group but can be set in other ways.

     To set the project attribute:
      ◆ provide the argument CA_POOL on the command line with a fully
        specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     This must be specified.

       CA_POOL
          ID of the CA_POOL or fully qualified identifier for the CA_POOL.

          To set the pool attribute:
          ▸ provide the argument CA_POOL on the command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          The location of the CA_POOL.

          To set the location attribute:
          ▸ provide the argument CA_POOL on the command line with a fully
            specified name;
          ▸ provide the argument --location on the command line;
          ▸ set the property privateca/location.

FLAGS
     --encryption-key=ENCRYPTION_KEY
        The full resource name of the Cloud KMS key to use for encrypting
        certificate data at rest. The key must be in the same region as the CA
        pool.

     --issuance-policy=ISSUANCE_POLICY
        A YAML file describing this CA Pool's issuance policy.

     --labels=[KEY=VALUE,...]
        List of label KEY=VALUE pairs to add.

        Keys must start with a lowercase character and contain only hyphens
        (-), underscores (_), lowercase characters, and numbers. Values must
        contain only hyphens (-), underscores (_), lowercase characters, and
        numbers.

     --publish-ca-cert
        If this is enabled, the following will happen: 1) The CA certificates
        will be written to a known location within the CA distribution point.
        2) The AIA extension in all issued certificates will point to the CA
        cert URL in that distribition point.

        Note that the same bucket may be used for the CRLs if --publish-crl is
        set.

        Enabled by default, use --no-publish-ca-cert to disable.

     --publish-crl
        If this gets enabled, the following will happen: 1) CRLs will be
        written to a known location within the CA distribution point. 2) The
        CDP extension in all future issued certificates will point to the CRL
        URL in that distribution point.

        Note that the same bucket may be used for the CA cert if
        --publish-ca-cert is set.

        CRL publication is not supported for CAs in the DevOps tier.

        Enabled by default, use --no-publish-crl to disable.

     --publishing-encoding-format=PUBLISHING_ENCODING_FORMAT; default="pem"
        The encoding format of the content published to storage buckets.
        PUBLISHING_ENCODING_FORMAT must be one of: der, pem.

     --tier=TIER; default="enterprise"
        The tier for the Certificate Authority. TIER must be one of: devops,
        enterprise.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.
