gcloud alpha iot devices credentials create - add a new credential to a device
gcloud alpha iot devices credentials create --path=PATH --type=TYPE (--device=DEVICE : --region=REGION --registry=REGISTRY) [--expiration-time=EXPIRATION_TIME] [GCLOUD_WIDE_FLAG ...]
(ALPHA) A device may have at most 3 credentials.
To add an RSA public key wrapped in an X.509v3 certificate to a device, run:
$ gcloud alpha iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/cert.pem --type=rsa-x509-pem
To add a public key for the ECDSA algorithm to a device, run:
$ gcloud alpha iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/ec_public.pem --type=es256-pem
- --path=PATH
The path on disk to the file containing the key.
- --type=TYPE
The type of the key. TYPE must be one of:
- es256
Deprecated nmame for es256-pem
- es256-pem
Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify JWT tokens with the ES256 algorithm (RFC7518 https://www.ietf.org/rfc/rfc7518.txt). This curve is defined in OpenSSL https://www.openssl.org/ as the prime256v1 curve.
- es256-x509-pem
As ES256_PEM, but wrapped in an X.509v3 certificate (RFC5280 https://www.ietf.org/rfc/rfc5280.txt), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- rs256
Deprecated name for rsa-x509-pem
- rsa-pem
An RSA public key encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify RS256 signatures in JWT tokens (RFC7518 https://www.ietf.org/rfc/rfc7518.txt).
- rsa-x509-pem
As RSA_PEM, but wrapped in an X.509v3 certificate (RFC5280 https://www.ietf.org/rfc/rfc5280.txt), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Device resource - The device for which to create credentials. The arguments in
this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument --device on the command line with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
This must be specified.
- --device=DEVICE
ID of the device or fully qualified identifier for the device. To set the device attribute:
provide the argument --device on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
- --region=REGION
The Cloud region for the device. To set the region attribute:
provide the argument --device on the command line with a fully specified name;
provide the argument --region on the command line.
- --registry=REGISTRY
The device registry for the device. To set the registry attribute:
provide the argument --device on the command line with a fully specified name;
provide the argument --registry on the command line.
- --expiration-time=EXPIRATION_TIME
The expiration time for the key. See $ gcloud topic datetimes for information on time formats.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud iot devices credentials create
$ gcloud beta iot devices credentials create