gcloud kms - manage cryptographic keys in the cloud

gcloud kmsGROUP |COMMAND[GCLOUD_WIDE_FLAG …]

Cloud KMS is a cloud-hosted key management service that lets you manageencryption for your cloud services the same way you do on-premises. You cangenerate, use, rotate and destroy AES256 encryption keys. Cloud KMS isintegrated with IAM and Cloud Audit Logging so that you can manage permissionson individual keys, and monitor how these are used. Use Cloud KMS to protectsecrets and other sensitive data which you need to store in Google CloudPlatform.

More information on Cloud KMS can be found here:https://cloud.google.com/kms/ anddetailed documentation can be found here:https://cloud.google.com/kms/docs/

Run$gcloud help for details.

autokey-config

Update and retrieve the AutokeyConfig.

ekm-config

Update and retrieve the EkmConfig.

ekm-connections

Create and manage ekm connections.

import-jobs

Create and manage import jobs.

inventory

Manages the KMS Inventory and Key Tracking commands.

key-handles

Create and manage KeyHandle resources.

keyrings

Create and manage keyrings.

keys

Create and manage keys.

locations

View locations available for a project.

operations

Commands for managing operations.

single-tenant-hsm

Commands for managing single tenant HSM instances.

asymmetric-decrypt

Decrypt an input file using an asymmetric-encryption key version.

asymmetric-sign

Sign a user input file using an asymmetric-signing key version.

decapsulate

Decapsulate an input file using a key-encapsulation key version.

decrypt

Decrypt a ciphertext file using a Cloud KMS key.

encrypt

Encrypt a plaintext file using a key.

mac-sign

Sign a user input file using a MAC key version.

mac-verify

Verify a user signature file using a MAC key version.

raw-decrypt

Decrypt a ciphertext file using a raw key.

raw-encrypt

Encrypt a plaintext file using a raw key.