gcloud alpha kms ekm-connections create - create a new ekm connection
gcloud alpha kms ekm-connections create (EKM_CONNECTION : --location=LOCATION) --hostname=HOSTNAME --server-certificates-files=[SERVER_CERTIFICATES,...] --service-directory-service=SERVICE_DIRECTORY_SERVICE [--endpoint-filter=ENDPOINT_FILTER] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Creates a new connection within the given location.
The following command creates an ekm connection named laplace within the location us-central1:
$ gcloud alpha kms ekm-connections create laplace \ --location=us-central1 --service-directory-service="foo" \ --endpoint-filter="foo > bar" --hostname="hostname.foo" \ --server-certificates-files=foo.pem,bar.pem
- Ekmconnection resource - The KMS ekm connection resource. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument ekm_connection on the command line with a fully specified name;
- —
set the property core/project.
This must be specified.
- EKM_CONNECTION
ID of the ekmconnection or fully qualified identifier for the ekmconnection. To set the ekmconnection attribute:
provide the argument ekm_connection on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
- --location=LOCATION
The Cloud location for the ekmconnection. To set the location attribute:
provide the argument ekm_connection on the command line with a fully specified name;
provide the argument --location on the command line.
- --hostname=HOSTNAME
The hostname of the EKM replica used at TLS and HTTP layers.
- --server-certificates-files=[SERVER_CERTIFICATES,...]
A list of filenames of leaf server certificates used to authenticate HTTPS connections to the EKM replica in PEM format. If files are not in PEM, the assumed format will be DER.
- --service-directory-service=SERVICE_DIRECTORY_SERVICE
The resource name of the Service Directory service pointing to an EKM replica.
- --endpoint-filter=ENDPOINT_FILTER
The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud kms ekm-connections create
$ gcloud beta kms ekm-connections create