gcloud kms keys set-iam-policy - set the IAM policy for a key
gcloud kms keys set-iam-policy KEY POLICY_FILE [--keyring=KEYRING] [--location=LOCATION] [GCLOUD_WIDE_FLAG ...]
Sets the IAM policy for the given key as defined in a JSON or YAML file.
See https://cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
The following command will read am IAM policy defined in a JSON file 'policy.json' and set it for the key frodo with the keyring fellowship and location global:
$ gcloud kms keys set-iam-policy frodo policy.json \ --keyring=fellowship --location=global
- KEY
Name of the key whose IAM policy to update.
- POLICY_FILE
JSON or YAML file with the IAM policy
- --keyring=KEYRING
Key ring of the key.
- --location=LOCATION
Location of the key.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha kms keys set-iam-policy
$ gcloud beta kms keys set-iam-policy