NAME gcloud iot devices credentials create - add a new credential to a device SYNOPSIS gcloud iot devices credentials create --path=PATH --type=TYPE (--device=DEVICE : --region=REGION --registry=REGISTRY) [--expiration-time=EXPIRATION_TIME] [GCLOUD_WIDE_FLAG ...] DESCRIPTION A device may have at most 3 credentials. EXAMPLES To add an RSA public key wrapped in an X.509v3 certificate to a device, run: $ gcloud iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/cert.pem --type=rsa-x509-pem To add a public key for the ECDSA algorithm to a device, run: $ gcloud iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/ec_public.pem --type=es256-pem REQUIRED FLAGS --path=PATH The path on disk to the file containing the key. --type=TYPE The type of the key. TYPE must be one of: es256 Deprecated nmame for es256-pem es256-pem Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify JWT tokens with the ES256 algorithm (RFC7518 (https://www.ietf.org/rfc/rfc7518.txt)). This curve is defined in OpenSSL (https://www.openssl.org/) as the prime256v1 curve. es256-x509-pem As ES256_PEM, but wrapped in an X.509v3 certificate (RFC5280 (https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. rs256 Deprecated name for rsa-x509-pem rsa-pem An RSA public key encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify RS256 signatures in JWT tokens (RFC7518 (https://www.ietf.org/rfc/rfc7518.txt)). rsa-x509-pem As RSA_PEM, but wrapped in an X.509v3 certificate (RFC5280 (https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Device resource - The device for which to create credentials. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute: ◆ provide the argument --device on the command line with a fully specified name; ◆ provide the argument --project on the command line; ◆ set the property core/project. This must be specified. --device=DEVICE ID of the device or fully qualified identifier for the device. To set the device attribute: ▸ provide the argument --device on the command line. This flag argument must be specified if any of the other arguments in this group are specified. --region=REGION The Cloud region for the device. To set the region attribute: ▸ provide the argument --device on the command line with a fully specified name; ▸ provide the argument --region on the command line. --registry=REGISTRY The device registry for the device. To set the registry attribute: ▸ provide the argument --device on the command line with a fully specified name; ▸ provide the argument --registry on the command line. OPTIONAL FLAGS --expiration-time=EXPIRATION_TIME The expiration time for the key. See $ gcloud topic datetimes for information on time formats. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details. NOTES These variants are also available: $ gcloud alpha iot devices credentials create $ gcloud beta iot devices credentials create