gcloud alpha kms keys versions describe - get metadata for a given version
gcloud alpha kms keys versions describe VERSION [--attestation-file=ATTESTATION_FILE] [--key=KEY] [--keyring=KEYRING] [--location=LOCATION] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Returns metadata for the given version.
The optional flag attestation-file specifies file to write the attestation object into. The attestation object enables the user to verify the integrity and provenance of the key. See https://cloud.google.com/kms/docs/attest-key for more information about attestations.
The following command returns metadata for version 2 within key frodo within the keyring fellowship in the location us-east1:
$ gcloud alpha kms keys versions describe 2 --key=frodo \ --keyring=fellowship --location=us-east1
For key versions with protection level HSM, use the --attestation-file flag to save the attestation to a local file.
$ gcloud alpha kms keys versions describe 2 --key=frodo \ --keyring=fellowship --location=us-east1 \ --attestation-file=path/to/attestation.dat
- VERSION
Name of the version to describe.
- --attestation-file=ATTESTATION_FILE
Path to the output attestation file.
- --key=KEY
The containing key.
- --keyring=KEYRING
Key ring of the key.
- --location=LOCATION
Location of the keyring.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud kms keys versions describe
$ gcloud beta kms keys versions describe