NAME

gcloud alpha storage service-agent - manage a project's Cloud Storage service agent, which is used to perform Cloud KMS operations

SYNOPSIS

gcloud alpha storage service-agent [--authorize-cmek=AUTHORIZE_CMEK] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) gcloud alpha storage service-agent displays the Cloud Storage service agent, which is used to perform Cloud KMS operations against your a default or supplied project. If the project does not yet have a service agent, gcloud alpha storage service-agent creates one.

EXAMPLES

To show the service agent for your default project:

$ gcloud alpha storage service-agent

To show the service account for my-project:

$ gcloud alpha storage service-agent --project=my-project

To authorize your default project to use a Cloud KMS key:

$ gcloud alpha storage service-agent \ --authorize-cmek=projects/key-project/locations/us-east1/\ keyRings/key-ring/cryptoKeys/my-key

FLAGS

--authorize-cmek=AUTHORIZE_CMEK

Adds appropriate encrypt/decrypt permissions to the specified Cloud KMS key. This allows the Cloud Storage service agent to write and read Cloud KMS-encrypted objects in buckets associated with the service agent's project.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:

$ gcloud storage service-agent