NAME gcloud privateca pools create - create a new CA Pool SYNOPSIS gcloud privateca pools create (CA_POOL : --location=LOCATION) [--issuance-policy=ISSUANCE_POLICY] [--labels=[KEY=VALUE,...]] [--no-publish-ca-cert] [--no-publish-crl] [--tier=TIER; default="enterprise"] [GCLOUD_WIDE_FLAG ...] EXAMPLES To create a CA pool in the dev ops tier: $ gcloud privateca pools create my-pool --location=us-west1 \ --tier=devops To create a CA pool and restrict what it can issue: $ gcloud privateca pools create my-pool --location=us-west1 \ --issuance-policy=policy.yaml To create a CA pool that doesn't publicly publish CA certificates and CRLs: $ gcloud privateca pools create my-pool --location=us-west1 \ --issuance-policy=policy.yaml --no-publish-ca-cert \ --no-publish-crl POSITIONAL ARGUMENTS CA POOL resource - The ca pool to create. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute: ◆ provide the argument CA_POOL on the command line with a fully specified name; ◆ provide the argument --project on the command line; ◆ set the property core/project. This must be specified. CA_POOL ID of the CA_POOL or fully qualified identifier for the CA_POOL. To set the pool attribute: ▸ provide the argument CA_POOL on the command line. This positional must be specified if any of the other arguments in this group are specified. --location=LOCATION The location of the CA_POOL. To set the location attribute: ▸ provide the argument CA_POOL on the command line with a fully specified name; ▸ provide the argument --location on the command line; ▸ set the property privateca/location. FLAGS --issuance-policy=ISSUANCE_POLICY A YAML file describing this CA Pool's issuance policy. --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers. --publish-ca-cert If this is enabled, the following will happen: 1) The CA certificates will be written to a known location within the CA distribution point. 2) The AIA extension in all issued certificates will point to the CA cert URL in that distribution point. If this gets disabled, the AIA extension will not be written to any future certificates issued by this CA. However, an existing bucket will not be deleted, and the CA certificates will not be removed from that bucket. Note that the same bucket may be used for the CRLs if --publish-crl is set. Enabled by default, use --no-publish-ca-cert to disable. --publish-crl If this gets enabled, the following will happen: 1) CRLs will be written to a known location within the CA distribution point. 2) The CDP extension in all future issued certificates will point to the CRL URL in that distribution point. If this gets disabled, the CDP extension will not be written to any future certificates issued by CAs in this pool, and new CRLs will not be published to that bucket (which affects existing certs). However, an existing bucket will not be deleted, and any existing CRLs will not be removed from that bucket. Note that the same bucket may be used for the CA cert if --publish-ca-cert is set. CRL publication is not supported for CAs in the DevOps tier. Enabled by default, use --no-publish-crl to disable. --tier=TIER; default="enterprise" The tier for the Certificate Authority. TIER must be one of: devops, enterprise. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.