NAME

gcloud iot devices credentials create - add a new credential to a device

SYNOPSIS

gcloud iot devices credentials create --path=PATH --type=TYPE (--device=DEVICE : --region=REGION --registry=REGISTRY) [--expiration-time=EXPIRATION_TIME] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

A device may have at most 3 credentials.

EXAMPLES

To add an RSA public key wrapped in an X.509v3 certificate to a device, run:

$ gcloud iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/cert.pem --type=rsa-x509-pem

To add a public key for the ECDSA algorithm to a device, run:

$ gcloud iot devices credentials create --region=us-central1 \ --registry=my-registry --device=my-device \ --path=/path/to/ec_public.pem --type=es256-pem

REQUIRED FLAGS

--path=PATH

The path on disk to the file containing the key.

--type=TYPE

The type of the key. TYPE must be one of:

es256

Deprecated nmame for es256-pem

es256-pem

Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify JWT tokens with the ES256 algorithm (RFC7518 https://www.ietf.org/rfc/rfc7518.txt). This curve is defined in OpenSSL https://www.openssl.org/ as the prime256v1 curve.

es256-x509-pem

As ES256_PEM, but wrapped in an X.509v3 certificate (RFC5280 https://www.ietf.org/rfc/rfc5280.txt), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

rs256

Deprecated name for rsa-x509-pem

rsa-pem

An RSA public key encoded in base64, and wrapped by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. This can be used to verify RS256 signatures in JWT tokens (RFC7518 https://www.ietf.org/rfc/rfc7518.txt).

rsa-x509-pem

As RSA_PEM, but wrapped in an X.509v3 certificate (RFC5280 https://www.ietf.org/rfc/rfc5280.txt), encoded in base64, and wrapped by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Device resource - The device for which to create credentials. The arguments in

this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:

provide the argument --device on the command line with a fully specified name;

provide the argument --project on the command line;

set the property core/project.

This must be specified.

--device=DEVICE

ID of the device or fully qualified identifier for the device. To set the device attribute:

  • provide the argument --device on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--region=REGION

The Cloud region for the device. To set the region attribute:

  • provide the argument --device on the command line with a fully specified name;

  • provide the argument --region on the command line.

--registry=REGISTRY

The device registry for the device. To set the registry attribute:

  • provide the argument --device on the command line with a fully specified name;

  • provide the argument --registry on the command line.

OPTIONAL FLAGS

--expiration-time=EXPIRATION_TIME

The expiration time for the key. See $ gcloud topic datetimes for information on time formats.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha iot devices credentials create

$ gcloud beta iot devices credentials create