mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-16 12:22:03 +00:00
gcloud: Tue Mar 1 21:43:54 UTC 2022
This commit is contained in:
parent
c1c3b75313
commit
21878eea72
1018 changed files with 4838 additions and 3409 deletions
|
|
@ -18,20 +18,15 @@ EXAMPLES
|
|||
To create a certificate using a CSR:
|
||||
|
||||
$ gcloud beta privateca certificates create frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us \
|
||||
--csr=./csr.pem \
|
||||
--cert-output-file=./cert.pem \
|
||||
--validity=P30D
|
||||
--issuer=server-tls-1 --issuer-location=us --csr=./csr.pem \
|
||||
--cert-output-file=./cert.pem --validity=P30D
|
||||
|
||||
To create a certificate using a client-generated key:
|
||||
|
||||
$ gcloud beta privateca certificates create frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us \
|
||||
--generate-key \
|
||||
--key-output-file=./key \
|
||||
--cert-output-file=./cert.pem \
|
||||
--dns-san=www.joonix.net \
|
||||
--reusable-config=server-tls
|
||||
--issuer=server-tls-1 --issuer-location=us --generate-key \
|
||||
--key-output-file=./key --cert-output-file=./cert.pem \
|
||||
--dns-san=www.joonix.net --reusable-config=server-tls
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE resource - The name of the certificate to issue. If the
|
||||
|
|
|
|||
|
|
@ -14,14 +14,14 @@ EXAMPLES
|
|||
To get metadata for the 'frontend-server-tls' certificate:
|
||||
|
||||
$ gcloud beta privateca certificates describe frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us-west1
|
||||
--issuer=server-tls-1 --issuer-location=us-west1
|
||||
|
||||
To download the PEM-encoded certificate for the 'frontend-server-tls'
|
||||
certificate to a file called 'frontend-server-tls.crt':
|
||||
|
||||
$ gcloud beta privateca certificates describe frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us-west1 \
|
||||
--format="value(pem_cert)" > ./frontend-server-tls.crt
|
||||
--issuer=server-tls-1 --issuer-location=us-west1 \
|
||||
--format="value(pem_cert)" > ./frontend-server-tls.crt
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE resource - The certificate for which to obtain metadata. The
|
||||
|
|
|
|||
|
|
@ -15,17 +15,16 @@ EXAMPLES
|
|||
To revoke the 'frontend-server-tls' certificate due to key compromise:
|
||||
|
||||
$ gcloud beta privateca certificates revoke \
|
||||
--certificate=frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us-west1 \
|
||||
--reason=key_compromise
|
||||
--certificate=frontend-server-tls --issuer=server-tls-1 \
|
||||
--issuer-location=us-west1 --reason=key_compromise
|
||||
|
||||
To revoke the a certificate with the serial number
|
||||
'7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40' due to a newer one being issued:
|
||||
|
||||
$ gcloud beta privateca certificates revoke \
|
||||
--serial-number=7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40 \
|
||||
--issuer=server-tls-1 --issuer-location=us-west1 \
|
||||
--reason=superseded
|
||||
--serial-number=7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40 \
|
||||
--issuer=server-tls-1 --issuer-location=us-west1 \
|
||||
--reason=superseded
|
||||
|
||||
REQUIRED FLAGS
|
||||
The certificate identifier.
|
||||
|
|
|
|||
|
|
@ -11,8 +11,8 @@ EXAMPLES
|
|||
To update labels on a certificate:
|
||||
|
||||
$ gcloud beta privateca certificates update frontend-server-tls \
|
||||
--issuer=server-tls-1 --issuer-location=us \
|
||||
--update-labels=in_use=true
|
||||
--issuer=server-tls-1 --issuer-location=us \
|
||||
--update-labels=in_use=true
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE resource - The certificate to update. The arguments in this
|
||||
|
|
|
|||
|
|
@ -20,9 +20,8 @@ EXAMPLES
|
|||
the CA 'prod-root' with the location 'us-west1', run:
|
||||
|
||||
$ gcloud beta privateca roots add-iam-policy-binding prod-root \
|
||||
--location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
--location='us-west1' --member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -25,35 +25,34 @@ EXAMPLES
|
|||
To create a root CA that supports one layer of subordinates:
|
||||
|
||||
$ gcloud beta privateca roots create prod-root \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
|
||||
\
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--max-chain-length=1
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--max-chain-length=1
|
||||
|
||||
To create a root CA and restrict what it can issue:
|
||||
|
||||
$ gcloud beta privateca roots create prod-root \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
|
||||
\
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--issuance-policy=policy.yaml
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--issuance-policy=policy.yaml
|
||||
|
||||
To create a root CA that doesn't publicly publish CA certificate and CRLs:
|
||||
|
||||
$ gcloud beta privateca roots create root-2 \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
|
||||
\
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--issuance-policy=policy.yaml \
|
||||
--no-publish-ca-cert \
|
||||
--no-publish-crl
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
|
||||
--subject="CN=Joonix Production Root CA, O=Google" \
|
||||
--issuance-policy=policy.yaml --no-publish-ca-cert \
|
||||
--no-publish-crl
|
||||
|
||||
To create a root CA that is based on an existing CA:
|
||||
|
||||
$ gcloud beta privateca roots create prod-root \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
|
||||
\
|
||||
--from-ca=source-root --from-ca-location=us-central1
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" --from-ca=source-root \
|
||||
--from-ca-location=us-central1
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The name of the root CA to create. The
|
||||
|
|
|
|||
|
|
@ -12,15 +12,13 @@ DESCRIPTION
|
|||
EXAMPLES
|
||||
To get metadata for the root CA 'prod-root' in location 'us-west1':
|
||||
|
||||
$ gcloud beta privateca roots describe server-tls-1 \
|
||||
--location=us
|
||||
$ gcloud beta privateca roots describe server-tls-1 --location=us
|
||||
|
||||
To download the PEM-encoded CA certificate for the 'prod-root' CA in
|
||||
location 'us-west1' to a file called 'prod-root.crt':
|
||||
|
||||
$ gcloud beta privateca roots describe prod-root \
|
||||
--location=us-west1 \
|
||||
--format="value(pem_cert)" > ./prod-root.crt
|
||||
--location=us-west1 --format="value(pem_cert)" > ./prod-root.crt
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -20,9 +20,8 @@ EXAMPLES
|
|||
the CA 'prod-root' with the location 'us-west1', run:
|
||||
|
||||
$ gcloud beta privateca roots remove-iam-policy-binding prod-root \
|
||||
--location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
--location='us-west1' --member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -12,15 +12,13 @@ SYNOPSIS
|
|||
EXAMPLES
|
||||
To update labels on a root CA:
|
||||
|
||||
$ gcloud beta privateca roots update prod-root \
|
||||
--location=us-west1 \
|
||||
--update-labels=foo=bar
|
||||
$ gcloud beta privateca roots update prod-root --location=us-west1 \
|
||||
--update-labels=foo=bar
|
||||
|
||||
To disable publishing CRLs for a root CA:
|
||||
|
||||
$ gcloud beta privateca roots update prod-root \
|
||||
--location=us-west1 \
|
||||
--no-publish-crl
|
||||
$ gcloud beta privateca roots update prod-root --location=us-west1 \
|
||||
--no-publish-crl
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE AUTHORITY resource - The certificate authority to update. The
|
||||
|
|
|
|||
|
|
@ -12,8 +12,7 @@ EXAMPLES
|
|||
using a PEM certificate chain in 'chain.crt':
|
||||
|
||||
$ gcloud beta privateca subordinates activate server-tls-1 \
|
||||
--location=us \
|
||||
--pem-chain=./chain.crt
|
||||
--location=us --pem-chain=./chain.crt
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE AUTHORITY resource - The certificate authority to activate.
|
||||
|
|
|
|||
|
|
@ -20,10 +20,9 @@ EXAMPLES
|
|||
the CA 'server-tls-1' with the location 'us-west1', run:
|
||||
|
||||
$ gcloud beta privateca subordinates add-iam-policy-binding \
|
||||
server-tls-1 \
|
||||
--location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
server-tls-1 --location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -29,26 +29,28 @@ EXAMPLES
|
|||
CA:
|
||||
|
||||
$ gcloud beta privateca subordinates create server-tls-1 \
|
||||
--subject="CN=Joonix TLS CA, O=Google" \
|
||||
--issuer=prod-root --issuer-location=us-west1 \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
--subject="CN=Joonix TLS CA, O=Google" --issuer=prod-root \
|
||||
--issuer-location=us-west1 \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
|
||||
To create a subordinate CA named 'server-tls-1' whose issuer is located
|
||||
elsewhere:
|
||||
|
||||
$ gcloud beta privateca subordinates create server-tls-1 \
|
||||
--subject="CN=Joonix TLS CA, O=Google" \
|
||||
--create-csr \
|
||||
--csr-output-file="./csr.pem" \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
--subject="CN=Joonix TLS CA, O=Google" --create-csr \
|
||||
--csr-output-file="./csr.pem" \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
|
||||
To create a subordinate CA named 'server-tls-1' chaining up to a root CA
|
||||
named 'prod-root' based on an existing CA:
|
||||
|
||||
$ gcloud beta privateca subordinates create server-tls-1 \
|
||||
--issuer=prod-root --issuer-location=us-west1 \
|
||||
--from-ca=source-ca --from-ca-location=us-central1 \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
--issuer=prod-root --issuer-location=us-west1 \
|
||||
--from-ca=source-ca --from-ca-location=us-central1 \
|
||||
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
|
||||
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The name of the subordinate CA to create.
|
||||
|
|
|
|||
|
|
@ -14,14 +14,14 @@ EXAMPLES
|
|||
'us-west1':
|
||||
|
||||
$ gcloud beta privateca subordinates describe server-tls-1 \
|
||||
--location=us-west1
|
||||
--location=us-west1
|
||||
|
||||
To download the PEM-encoded CA certificate for the 'server-tls-1' CA in
|
||||
location 'us-west1' to a file called 'server-tls-1.crt':
|
||||
|
||||
$ gcloud beta privateca subordinates describe server-tls-1 \
|
||||
--location=us-west1 \
|
||||
--format="value(pem_cert)" > ./server-tls-1.crt
|
||||
--location=us-west1 --format="value(pem_cert)" > \
|
||||
./server-tls-1.crt
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -20,10 +20,9 @@ EXAMPLES
|
|||
the CA 'server-tls-1' with the location 'us-west1', run:
|
||||
|
||||
$ gcloud beta privateca subordinates remove-iam-policy-binding \
|
||||
server-tls-1 \
|
||||
--location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
server-tls-1 --location='us-west1' \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/privateca.certificateManager'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
Certificate Authority resource - The certificate authority for which to
|
||||
|
|
|
|||
|
|
@ -14,14 +14,12 @@ EXAMPLES
|
|||
To update labels on a subordinate CA:
|
||||
|
||||
$ gcloud beta privateca subordinates update server-tls-1 \
|
||||
--location=us-west1 \
|
||||
--update-labels=foo=bar
|
||||
--location=us-west1 --update-labels=foo=bar
|
||||
|
||||
To disable publishing CRLs for a subordinate CA:
|
||||
|
||||
$ gcloud beta privateca subordinates update server-tls-1 \
|
||||
--location=us-west1 \
|
||||
--no-publish-crl
|
||||
--location=us-west1 --no-publish-crl
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
CERTIFICATE AUTHORITY resource - The certificate authority to update. The
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue