gcloud alpha kms keyrings set-iam-policy - set the IAM policy for a keyring
gcloud alpha kms keyrings set-iam-policy KEYRING POLICY_FILE [--location=LOCATION] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Sets the IAM policy for the given keyring as defined in a JSON or YAML file.
See https://cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
The following command will read am IAM policy defined in a JSON file 'policy.json' and set it for the keyring fellowship with location global:
$ gcloud alpha kms keyrings set-iam-policy fellowship policy.json \ --location=global
- KEYRING
Name of the key ring whose IAM policy to update.
- POLICY_FILE
JSON or YAML file with the IAM policy
- --location=LOCATION
Location of the keyring.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud kms keyrings set-iam-policy
$ gcloud beta kms keyrings set-iam-policy