Console
    Start free

    gcloud kms keys versions import

    NAME
    gcloud kms keys versions import - import a version into an existing crypto key
    SYNOPSIS
    gcloud kms keys versions import --algorithm = ALGORITHM --import-job = IMPORT_JOB [ --key = KEY ] [ --keyring = KEYRING ] [ --location = LOCATION ] [ --public-key-file = PUBLIC_KEY_FILE ] [ --target-key-file = TARGET_KEY_FILE ] [ --version = VERSION ] [ --wrapped-key-file = WRAPPED_KEY_FILE ] [ GCLOUD_WIDE_FLAG ]
    DESCRIPTION
    Imports wrapped key material into a new version within an existing crypto key following the import procedure documented at https://cloud.google.com/kms/docs/importing-a-key .
    EXAMPLES
    The following command will read the files 'path/to/ephemeral/key' and 'path/to/target/key' and use them to create a new version with algorithm 'google-symmetric-encryption' within the 'frodo' crypto key, 'fellowship' keyring, and 'us-central1' location using import job 'strider' to unwrap the provided key material. 
     gcloud  
kms  
keys  
versions  
import  
 --location 
 = 
global  
 --keyring 
 = 
fellowship  
 --key 
 = 
frodo  
 --import-job 
 = 
strider  
 --wrapped-key-file 
 = 
path/to/target/key  
 --algorithm 
 = 
google-symmetric-encryption
    REQUIRED FLAGS
    --algorithm = ALGORITHM
    The algorithm to assign to the new key version. For more information about supported algorithms, see https://cloud.google.com/kms/docs/algorithms . ALGORITHM must be one of: aes-128-cbc , aes-128-ctr , aes-128-gcm , aes-256-cbc , aes-256-ctr , aes-256-gcm , ec-sign-ed25519 , ec-sign-p256-sha256 , ec-sign-p384-sha384 , ec-sign-secp256k1-sha256 , google-symmetric-encryption , hmac-sha1 , hmac-sha224 , hmac-sha256 , hmac-sha384 , hmac-sha512 , kem-xwing , ml-kem-1024 , ml-kem-768 , pq-sign-hash-slh-dsa-sha2-128s-sha256 , pq-sign-ml-dsa-44 , pq-sign-ml-dsa-44-external-mu , pq-sign-ml-dsa-65 , pq-sign-ml-dsa-65-external-mu , pq-sign-ml-dsa-87 , pq-sign-ml-dsa-87-external-mu , pq-sign-slh-dsa-sha2-128s , rsa-decrypt-oaep-2048-sha1 , rsa-decrypt-oaep-2048-sha256 , rsa-decrypt-oaep-3072-sha1 , rsa-decrypt-oaep-3072-sha256 , rsa-decrypt-oaep-4096-sha1 , rsa-decrypt-oaep-4096-sha256 , rsa-decrypt-oaep-4096-sha512 , rsa-sign-pkcs1-2048-sha256 , rsa-sign-pkcs1-3072-sha256 , rsa-sign-pkcs1-4096-sha256 , rsa-sign-pkcs1-4096-sha512 , rsa-sign-pss-2048-sha256 , rsa-sign-pss-3072-sha256 , rsa-sign-pss-4096-sha256 , rsa-sign-pss-4096-sha512 , rsa-sign-raw-pkcs1-2048 , rsa-sign-raw-pkcs1-3072 , rsa-sign-raw-pkcs1-4096 .
    --import-job = IMPORT_JOB
    Name of the import job to import from.
    OPTIONAL FLAGS
    --key = KEY
    The containing key to import into.
    --keyring = KEYRING
    Key ring of the key.
    --location = LOCATION
    Location of the keyring.
    --public-key-file = PUBLIC_KEY_FILE
    Path to the public key of the ImportJob, used to wrap the key for import. If missing, the public key will be fetched on your behalf.
    --target-key-file = TARGET_KEY_FILE
    Path to the unwrapped target key to import into a Cloud KMS key version. If specified, the key will be securely wrapped before transmission to Google.
    --version = VERSION
    Version to re-import into. Omit this field for first-time import.
    --wrapped-key-file = WRAPPED_KEY_FILE
    Path to the RSA/RSA+AES wrapped key file to import.
    GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file , --account , --billing-project , --configuration , --flags-file , --flatten , --format , --help , --impersonate-service-account , --log-http , --project , --quiet , --trace-token , --user-output-enabled , --verbosity .

    Run $ gcloud help for details.

    NOTES
    These variants are also available: 
      gcloud  
alpha  
kms  
keys  
versions  
import 
 

      gcloud  
beta  
kms  
keys  
versions  
import
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: