- NAME
-
- gcloud kms single-tenant-hsm create - create a single tenant HSM instance
- SYNOPSIS
-
-
gcloud kms single-tenant-hsm create--location=LOCATION--total-approver-count=TOTAL_APPROVER_COUNT[--key-portability-enabled] [--single-tenant-hsm-instance-id=SINGLE_TENANT_HSM_INSTANCE_ID] [GCLOUD_WIDE_FLAG …]
-
- EXAMPLES
- The following command creates a single tenant HSM instance within the location
us-central1with a total approver count of 3:gcloud kms single-tenant-hsm create --location = us-central1 --total-approver-count = 3The following command creates a single tenant HSM instance within the location
us-central1with a total approver count of 3, and the single tenant HSM instance IDmy_stchi:gcloud kms single-tenant-hsm create --location = us-central1 --total-approver-count = 3 --single-tenant-hsm-instance-id = my_stchi - REQUIRED FLAGS
-
- Location resource - The KMS location resource. This represents a Cloud resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
To set the
projectattribute:- provide the argument
--locationon the command line with a fully specified name; - set the property
core/project.
This must be specified.
-
--location=LOCATION - ID of the location or fully qualified identifier for the location.
To set the
locationattribute:- provide the argument
--locationon the command line.
- provide the argument
- provide the argument
-
--total-approver-count=TOTAL_APPROVER_COUNT - The total number of approvers. This is the N value used for M of N quorum auth. Must be greater than or equal to 3 and less than or equal to 16.
- Location resource - The KMS location resource. This represents a Cloud resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
- OPTIONAL FLAGS
-
-
--key-portability-enabled - If set, the single tenant HSM instance will be able to perform key portability operations.
-
--single-tenant-hsm-instance-id=SINGLE_TENANT_HSM_INSTANCE_ID - Specify an ID for the single tenant HSM instance. It must be unique within a
location and match the regular expression
[a-zA-Z0-9-]{1,63}.
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- These variants are also available:
gcloud alpha kms single-tenant-hsm creategcloud beta kms single-tenant-hsm create
gcloud kms single-tenant-hsm create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
