gcloud beta kms ekm-connections create - create a new ekm connection

gcloud beta kms ekm-connections create(EKM_CONNECTION :--location=LOCATION)--hostname=HOSTNAME--server-certificates-files=[SERVER_CERTIFICATES,…]--service-directory-service=SERVICE_DIRECTORY_SERVICE[--endpoint-filter=ENDPOINT_FILTER][--crypto-space-path=CRYPTO_SPACE_PATH--key-management-mode=KEY_MANAGEMENT_MODE][GCLOUD_WIDE_FLAG …]

gcloudbetakmsekm-connectionscreatelaplace--location=us-central1--service-directory-service="foo"--endpoint-filter="foo > bar"--hostname="hostname.foo"--server-certificates-files=foo.pem,bar.pem

The following command creates an ekm connection namedlaplacewithin the locationus-central1 incloud-kms keymanagement mode with the required crypto-space-path :

gcloudbetakmsekm-connectionscreatelaplace--location=us-central1--service-directory-service="foo"--endpoint-filter="foo > bar"--hostname="hostname.foo"--key-management-mode=cloud-kms--crypto-space-path="foo"--server-certificates-files=foo.pem,bar.pem

Ekmconnection resource - The KMS ekm connection resource. The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.

To set theproject attribute:

• provide the argumentekm_connection on the command line with afully specified name;
• set the propertycore/project.

This must be specified.

EKM_CONNECTION

ID of the ekmconnection or fully qualified identifier for the ekmconnection.

To set theekmconnection attribute:

• provide the argumentekm_connection on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--location=LOCATION

The Google Cloud location for the ekmconnection.

To set thelocation attribute:

• provide the argumentekm_connection on the command line with afully specified name;
• provide the argument--location on the command line.

--hostname=HOSTNAME

The hostname of the EKM replica used at TLS and HTTP layers.

--server-certificates-files=[SERVER_CERTIFICATES,…]

A list of filenames of leaf server certificates used to authenticate HTTPSconnections to the EKM replica in PEM format. If files are not in PEM, theassumed format will be DER.

--service-directory-service=SERVICE_DIRECTORY_SERVICE

The resource name of the Service Directory service pointing to an EKM replica.

--endpoint-filter=ENDPOINT_FILTER

The filter applied to the endpoints of the resolved service. If no filter isspecified, all endpoints will be considered.

Specifies the key management mode for the EkmConnection and associated fields.

--crypto-space-path=CRYPTO_SPACE_PATH

Crypto space path for the EkmConnection. Required during EkmConnection creationif--key-management-mode=cloud-kms.

--key-management-mode=KEY_MANAGEMENT_MODE

Key management mode of the ekm connection. An EkmConnection incloud-kms mode means Cloud KMS will attempt to create and managethe key material that resides on the EKM for crypto keys created with thisEkmConnection. An EkmConnection inmanual mode means the externalkey material will not be managed by Cloud KMS. Omitting the flag defaults tomanual.KEY_MANAGEMENT_MODE must be one of:manual,cloud-kms.

Run$gcloud help for details.