gcloud kms encrypt - encrypt a plaintext file using a key

gcloud kms encrypt--ciphertext-file=CIPHERTEXT_FILE--plaintext-file=PLAINTEXT_FILE[--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE][--key=KEY][--keyring=KEYRING][--location=LOCATION][--skip-integrity-verification][--version=VERSION][GCLOUD_WIDE_FLAG …]

If an additional authenticated data file is provided, its contents must also beprovided during decryption. The file must not be larger than 64KiB.

The flag--version indicates the version of the key to use forencryption. By default, the primary version is used.

If--plaintext-file or--additional-authenticated-data-file is set to '-', that file isread from stdin. Similarly, if--ciphertext-file is set to '-', theciphertext is written to stdout.

By default, the command performs integrity verification on data sent to andreceived from Cloud KMS. Use--skip-integrity-verification todisable integrity verification.

--ciphertext-file=CIPHERTEXT_FILE

File path of the ciphertext file to output.

--plaintext-file=PLAINTEXT_FILE

File path of the plaintext file to encrypt.

--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE

File path to the optional file containing the additional authenticated data.

--key=KEY

The key to use for encryption.

--keyring=KEYRING

Key ring of the key.

--location=LOCATION

Location of the keyring.

--skip-integrity-verification

Skip integrity verification on request and response API fields.

--version=VERSION

Version to use for encryption.

Run$gcloud help for details.