mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-18 23:08:48 +00:00
gcloud: Wed Sep 17 11:04:06 UTC 2025
This commit is contained in:
parent
78d417f901
commit
79c9fb4d92
193 changed files with 12122 additions and 1486 deletions
68
gcloud/beta/kms/decapsulate
Normal file
68
gcloud/beta/kms/decapsulate
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
NAME
|
||||
gcloud beta kms decapsulate - decapsulate an input file using a
|
||||
key-encapsulation key version
|
||||
|
||||
SYNOPSIS
|
||||
gcloud beta kms decapsulate --ciphertext-file=CIPHERTEXT_FILE
|
||||
--shared-secret-file=SHARED_SECRET_FILE [--key=KEY] [--keyring=KEYRING]
|
||||
[--location=LOCATION] [--skip-integrity-verification]
|
||||
[--version=VERSION] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(BETA) Decapsulates the given ciphertext file using the provided
|
||||
key-encapsulation key version and saves the decapsulated shared secret to
|
||||
the shared secret file.
|
||||
|
||||
By default, the command performs integrity verification on data sent to and
|
||||
received from Cloud KMS. Use --skip-integrity-verification to disable
|
||||
integrity verification.
|
||||
|
||||
EXAMPLES
|
||||
The following command will read the file '/tmp/my/secret.file.enc',
|
||||
decapsulate it using the key encapsulation CryptoKey my-key Version 3 and
|
||||
write the shared secret to '/tmp/my/secret.file.dec'.
|
||||
|
||||
$ gcloud beta kms decapsulate --location=us-central1 \
|
||||
--keyring=my-keyring --key=my-key --version=3 \
|
||||
--ciphertext-file=/tmp/my/secret.file.enc \
|
||||
--shared-secret-file=/tmp/my/secret.file.dec
|
||||
|
||||
REQUIRED FLAGS
|
||||
--ciphertext-file=CIPHERTEXT_FILE
|
||||
File path of the ciphertext file to decapsulate.
|
||||
|
||||
--shared-secret-file=SHARED_SECRET_FILE
|
||||
File path of the shared secret file to output.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--key=KEY
|
||||
to use for decapsulation.
|
||||
|
||||
--keyring=KEYRING
|
||||
Key ring of the key.
|
||||
|
||||
--location=LOCATION
|
||||
Location of the keyring.
|
||||
|
||||
--skip-integrity-verification
|
||||
Skip integrity verification on request and response API fields.
|
||||
|
||||
--version=VERSION
|
||||
Version to use for decapsulation.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in beta and might change without notice. These
|
||||
variants are also available:
|
||||
|
||||
$ gcloud kms decapsulate
|
||||
|
||||
$ gcloud alpha kms decapsulate
|
||||
|
||||
|
|
@ -65,6 +65,9 @@ COMMANDS
|
|||
asymmetric-sign
|
||||
(BETA) Sign a user input file using an asymmetric-signing key version.
|
||||
|
||||
decapsulate
|
||||
(BETA) Decapsulate an input file using a key-encapsulation key version.
|
||||
|
||||
decrypt
|
||||
(BETA) Decrypt a ciphertext file using a Cloud KMS key.
|
||||
|
||||
|
|
|
|||
|
|
@ -171,8 +171,8 @@ POSITIONAL ARGUMENTS
|
|||
REQUIRED FLAGS
|
||||
--purpose=PURPOSE
|
||||
The "purpose" of the key. PURPOSE must be one of:
|
||||
asymmetric-encryption, asymmetric-signing, encryption, mac,
|
||||
raw-encryption.
|
||||
asymmetric-encryption, asymmetric-signing, encryption,
|
||||
key-encapsulation, mac, raw-encryption.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
|
||||
|
|
@ -204,18 +204,18 @@ OPTIONAL FLAGS
|
|||
aes-256-ctr, aes-256-gcm, ec-sign-ed25519, ec-sign-p256-sha256,
|
||||
ec-sign-p384-sha384, ec-sign-secp256k1-sha256,
|
||||
external-symmetric-encryption, google-symmetric-encryption, hmac-sha1,
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512,
|
||||
pq-sign-hash-slh-dsa-sha2-128s-sha256, pq-sign-ml-dsa-65,
|
||||
pq-sign-slh-dsa-sha2-128s, rsa-decrypt-oaep-2048-sha1,
|
||||
rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1,
|
||||
rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1,
|
||||
rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512,
|
||||
rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256,
|
||||
rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512,
|
||||
rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256,
|
||||
rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512,
|
||||
rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072,
|
||||
rsa-sign-raw-pkcs1-4096.
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, kem-xwing,
|
||||
ml-kem-1024, ml-kem-768, pq-sign-hash-slh-dsa-sha2-128s-sha256,
|
||||
pq-sign-ml-dsa-65, pq-sign-slh-dsa-sha2-128s,
|
||||
rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256,
|
||||
rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256,
|
||||
rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256,
|
||||
rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256,
|
||||
rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256,
|
||||
rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256,
|
||||
rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256,
|
||||
rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048,
|
||||
rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096.
|
||||
|
||||
--destroy-scheduled-duration=DESTROY_SCHEDULED_DURATION
|
||||
The amount of time that versions of the key should spend in the
|
||||
|
|
|
|||
|
|
@ -175,18 +175,18 @@ FLAGS
|
|||
aes-256-ctr, aes-256-gcm, ec-sign-ed25519, ec-sign-p256-sha256,
|
||||
ec-sign-p384-sha384, ec-sign-secp256k1-sha256,
|
||||
external-symmetric-encryption, google-symmetric-encryption, hmac-sha1,
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512,
|
||||
pq-sign-hash-slh-dsa-sha2-128s-sha256, pq-sign-ml-dsa-65,
|
||||
pq-sign-slh-dsa-sha2-128s, rsa-decrypt-oaep-2048-sha1,
|
||||
rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1,
|
||||
rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1,
|
||||
rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512,
|
||||
rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256,
|
||||
rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512,
|
||||
rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256,
|
||||
rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512,
|
||||
rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072,
|
||||
rsa-sign-raw-pkcs1-4096.
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, kem-xwing,
|
||||
ml-kem-1024, ml-kem-768, pq-sign-hash-slh-dsa-sha2-128s-sha256,
|
||||
pq-sign-ml-dsa-65, pq-sign-slh-dsa-sha2-128s,
|
||||
rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256,
|
||||
rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256,
|
||||
rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256,
|
||||
rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256,
|
||||
rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256,
|
||||
rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256,
|
||||
rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256,
|
||||
rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048,
|
||||
rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096.
|
||||
|
||||
--next-rotation-time=NEXT_ROTATION_TIME
|
||||
Next automatic rotation time of the key. See $ gcloud topic datetimes
|
||||
|
|
|
|||
|
|
@ -15,11 +15,13 @@ DESCRIPTION
|
|||
If not specified, the public key will be printed to stdout.
|
||||
|
||||
The optional flag public-key-format indicates the format in which the
|
||||
public key will be returned. For the PQC algorithms, this must be specified
|
||||
and set to nist-pqc. For all other algorithms, this flag is optional and
|
||||
defaults to pem. See "Retrieve a public key" in the Cloud KMS documentation
|
||||
(https://cloud.google.com/kms/docs/retrieve-public-key) for more
|
||||
information about the supported formats.
|
||||
public key will be returned. For the NIST PQC algorithms, this must be
|
||||
specified and set to nist-pqc. For kem-xwing this must be specified and set
|
||||
to xwing-raw-bytes. For all other algorithms, this flag is optional and can
|
||||
be either pem or der; the default value is pem. See "Retrieve a public key"
|
||||
in the Cloud KMS documentation
|
||||
(https://cloud.google.com/kms/help/get-public-key) for more information
|
||||
about the supported formats.
|
||||
|
||||
EXAMPLES
|
||||
The following command saves the public key for CryptoKey frodo Version 2 to
|
||||
|
|
|
|||
|
|
@ -34,18 +34,18 @@ REQUIRED FLAGS
|
|||
aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr,
|
||||
aes-256-gcm, ec-sign-ed25519, ec-sign-p256-sha256, ec-sign-p384-sha384,
|
||||
ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1,
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512,
|
||||
pq-sign-hash-slh-dsa-sha2-128s-sha256, pq-sign-ml-dsa-65,
|
||||
pq-sign-slh-dsa-sha2-128s, rsa-decrypt-oaep-2048-sha1,
|
||||
rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1,
|
||||
rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1,
|
||||
rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512,
|
||||
rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256,
|
||||
rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512,
|
||||
rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256,
|
||||
rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512,
|
||||
rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072,
|
||||
rsa-sign-raw-pkcs1-4096.
|
||||
hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, kem-xwing,
|
||||
ml-kem-1024, ml-kem-768, pq-sign-hash-slh-dsa-sha2-128s-sha256,
|
||||
pq-sign-ml-dsa-65, pq-sign-slh-dsa-sha2-128s,
|
||||
rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256,
|
||||
rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256,
|
||||
rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256,
|
||||
rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256,
|
||||
rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256,
|
||||
rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256,
|
||||
rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256,
|
||||
rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048,
|
||||
rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096.
|
||||
|
||||
--import-job=IMPORT_JOB
|
||||
Name of the import job to import from.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue