This page describes how to get your MACsec keys for MACsec for Cloud Interconnect.
MACsec for Cloud Interconnect generates GCM-AES-256 connectivity association key (CAK) and connectivity association key name (CKN) values. You use the values that MACsec for Cloud Interconnect generates when you configure your on-premises router. You can get the values at any time after configuring pre-shared keys on your Cloud Interconnect connection.
For more information, see Configure your on-premises router .
Required roles
To get the permissions that
you need to retrieve MACsec keys,
ask your administrator to grant you the Compute Network Admin
( roles/compute.networkAdmin
)
IAM role on your project.
For more information about granting roles, see Manage access to projects, folders, and organizations
.
You might also be able to get the required permissions through custom roles or other predefined roles .
If you choose to use custom roles, ensure that your custom role for
administrating MACsec for Cloud Interconnect includes the compute.interconnects.getMacsecConfig
IAM permission.
Get pre-shared keys
Select one of the following options:
Console
-
In the Google Cloud console, go to the Cloud Interconnect Physical connectionstab.
-
Select the connection that you want to view.
-
On the MACsectab, go to the Pre-shared keyssection and find the name of the pre-shared key, and then click View. A window displays the connectivity association key ( CAK) and the connectivity association key name ( CKN). Click the Copybutton to copy each value to your computer's clipboard.
-
Click Close.
gcloud
Run the following command:
gcloud compute interconnects macsec get-config INTERCONNECT_CONNECTION_NAME
Replace INTERCONNECT_CONNECTION_NAME
with the name of your
Cloud Interconnect connection.
The output is similar to the following:
preSharedKeys
:
-
cak
:
0123456789abcdef...0123456789abcdef
ckn
:
0101016789abcdef...0123456789abcdef
name
:
key1
startTime
:
2023-07-01T21:00:01.000Z
