1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-18 14:56:05 +00:00

gcloud: Thu Jun 27 09:38:12 UTC 2024

This commit is contained in:
Automated 2024-06-27 09:38:12 +00:00
parent fb3e2aa33b
commit 9cd336cae4
60 changed files with 1726 additions and 122 deletions

View file

@ -3,10 +3,13 @@ NAME
SYNOPSIS
gcloud kms keys update (KEY : --keyring=KEYRING --location=LOCATION)
[--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]]
[--default-algorithm=DEFAULT_ALGORITHM]
[--next-rotation-time=NEXT_ROTATION_TIME]
[--primary-version=PRIMARY_VERSION] [--remove-rotation-schedule]
[--rotation-period=ROTATION_PERIOD] [--update-labels=[KEY=VALUE,...]]
[--primary-version=PRIMARY_VERSION]
[--remove-key-access-justifications-policy]
[--remove-rotation-schedule] [--rotation-period=ROTATION_PERIOD]
[--update-labels=[KEY=VALUE,...]]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -31,6 +34,20 @@ DESCRIPTION
4. Update the primary version for the given key with primary-version flag.
5. Update the Key Access Justifications policy for the given key with
allowed-access-reasons flag to allow specified reasons. The key must be
enrolled in Key Access Justifications to use this flag.
6. Remove the Key Access Justifications policy for the given key with
remove-key-access-justifications-policy flag. The key must be enrolled in
Key Access Justifications to use this flag.
7. Update the Key Access Justifications policy for the given key with
allowed_access_reasons flag to allow zero access reasons. This effectively
disables the key, because a policy is configured to reject all access
reasons. The key must be enrolled in Key Access Justifications to use this
flag.
EXAMPLES
The following command sets a 30 day rotation period for the key named frodo
within the keyring fellowship and location global starting at the specified
@ -74,6 +91,29 @@ EXAMPLES
--keyring=fellowship \
--default-algorithm=rsa-decrypt-oaep-4096-sha256
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only customer-initiated-access and google-initiated-system-operation:
$ gcloud kms keys update frodo --location=global \
--keyring=fellowship \
--allowed-access-reasons=customer-initiated-access,\
google-initiated-system-operation
The following command removes the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global, which
results in all access reasons being allowed:
$ gcloud kms keys update frodo --location=global \
--keyring=fellowship --remove-key-access-justifications-policy
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only zero access reasons, effectively disabling the key:
$ gcloud kms keys update frodo --location=global \
--keyring=fellowship --allowed-access-reasons=
POSITIONAL ARGUMENTS
Key resource - The KMS key resource. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes
@ -112,6 +152,21 @@ POSITIONAL ARGUMENTS
▸ provide the argument --location on the command line.
FLAGS
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
The list of allowed Key Access Justifications access reasons on the
key. The key must be enrolled in Key Access Justifications to configure
this field. By default, this field is absent, and all justification
codes are allowed. For more information about justification codes, see
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
ALLOWED_ACCESS_REASONS must be one of:
customer-authorized-workflow-servicing, customer-initiated-access,
customer-initiated-support, google-initiated-review,
google-initiated-service, google-initiated-system-operation,
google-response-to-production-alert,
modified-customer-initiated-access,
modified-google-initiated-system-operation, reason-not-expected,
reason-unspecified, third-party-data-request.
--default-algorithm=DEFAULT_ALGORITHM
The default algorithm for the crypto key. For more information about
choosing an algorithm, see
@ -138,6 +193,10 @@ FLAGS
--primary-version=PRIMARY_VERSION
Primary version to make primary.
--remove-key-access-justifications-policy
Removes the Key Access Justifications policy on the key, making all
justification codes allowed.
--remove-rotation-schedule
Remove any existing rotation schedule on the key.