gcloud kms keys versions get-certificate-chain - get a certificate chain for a given version
gcloud kms keys versions get-certificate-chain VERSION [--certificate-chain-type=CERTIFICATE_CHAIN_TYPE; default="all"] [--key=KEY] [--keyring=KEYRING] [--location=LOCATION] [--output-file=OUTPUT_FILE] [GCLOUD_WIDE_FLAG ...]
Returns the PEM-format certificate chain for the specified key version. The optional flag output-file indicates the path to store the PEM. If not specified, the PEM will be printed to stdout.
The following command saves the Cavium certificate chain for CryptoKey frodo Version 2 to /tmp/my/cavium.pem:
$ gcloud kms keys versions get-certificate-chain 2 --key=frodo \ --keyring=fellowship --location=us-east1 \ --certificate-chain-type=cavium --output-file=/tmp/my/cavium.pem
- VERSION
Name of the version from which to get the certificate chain.
- --certificate-chain-type=CERTIFICATE_CHAIN_TYPE; default="all"
Certificate chain to retrieve. CERTIFICATE_CHAIN_TYPE must be one of: all, cavium, google-card, google-partition.
- --key=KEY
The containing key.
- --keyring=KEYRING
Key ring of the key.
- --location=LOCATION
Location of the keyring.
- --output-file=OUTPUT_FILE
Path to the output file to store PEM.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha kms keys versions get-certificate-chain
$ gcloud beta kms keys versions get-certificate-chain