NAME gcloud beta kms keys versions import - import a version into an existing crypto key SYNOPSIS gcloud beta kms keys versions import --algorithm=ALGORITHM --import-job=IMPORT_JOB [--key=KEY] [--keyring=KEYRING] [--location=LOCATION] [--public-key-file=PUBLIC_KEY_FILE] [--target-key-file=TARGET_KEY_FILE] [--version=VERSION] [--wrapped-key-file=WRAPPED_KEY_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Imports wrapped key material into a new version within an existing crypto key following the import procedure documented at https://cloud.google.com/kms/docs/importing-a-key. EXAMPLES The following command will read the files 'path/to/ephemeral/key' and 'path/to/target/key' and use them to create a new version with algorithm 'google-symmetric-encryption' within the 'frodo' crypto key, 'fellowship' keyring, and 'us-central1' location using import job 'strider' to unwrap the provided key material. $ gcloud beta kms keys versions import --location=global \ --keyring=fellowship --key=frodo --import-job=strider \ --wrapped-key-file=path/to/target/key \ --algorithm=google-symmetric-encryption REQUIRED FLAGS --algorithm=ALGORITHM The algorithm to assign to the new key version. For more information about supported algorithms, see https://cloud.google.com/kms/docs/algorithms. ALGORITHM must be one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096. --import-job=IMPORT_JOB Name of the import job to import from. OPTIONAL FLAGS --key=KEY The containing key to import into. --keyring=KEYRING Key ring of the key. --location=LOCATION Location of the keyring. --public-key-file=PUBLIC_KEY_FILE Path to the public key of the ImportJob, used to wrap the key for import. If missing, the public key will be fetched on your behalf. --target-key-file=TARGET_KEY_FILE Path to the unwrapped target key to import into a Cloud KMS key version. If specified, the key will be securely wrapped before transmission to Google. --version=VERSION Version to re-import into. Omit this field for first-time import. --wrapped-key-file=WRAPPED_KEY_FILE Path to the RSA/RSA+AES wrapped key file to import. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details. NOTES This command is currently in beta and might change without notice. These variants are also available: $ gcloud kms keys versions import $ gcloud alpha kms keys versions import