gcloud_alpha_kms_encrypt (1)
NAME
- gcloud alpha kms encrypt - encrypt a plaintext file using a key
SYNOPSIS
-
gcloud alpha kms encrypt --ciphertext-file=CIPHERTEXT_FILE --plaintext-file=PLAINTEXT_FILE [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] [--key=KEY] [--keyring=KEYRING] [--location=LOCATION] [--version=VERSION] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Encrypts the given plaintext file using the given CryptoKey and
If an additional authenticated data file is provided, its contents must also be provided during decryption. The file must not be larger than 64KiB.
The flag --version indicates the version of the key to use for encryption. By default, the primary version is used.
If --plaintext-file or --additional-authenticated-data-file is set to '-', that file is read from stdin. Similarly, if --ciphertext-file is set to '-', the ciphertext is written to stdout.
REQUIRED FLAGS
-
- --ciphertext-file=CIPHERTEXT_FILE
-
File path of the ciphertext file to output.
- --plaintext-file=PLAINTEXT_FILE
-
File path of the plaintext file to encrypt.
OPTIONAL FLAGS
-
- --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE
-
File path to the optional file containing the additional authenticated data.
- --key=KEY
-
The key to use for encryption.
- --keyring=KEYRING
-
Key ring of the key.
- --location=LOCATION
-
Location of the keyring.
- --version=VERSION
-
Version to use for encryption.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
EXAMPLES
The following command will read the file 'path/to/plaintext', encrypt it using the CryptoKey frodo with the KeyRing fellowship and Location global, and write the ciphertext to 'path/to/ciphertext'.
-
$ gcloud alpha kms encrypt \
--key frodo \
--keyring fellowship \
--location global \
--plaintext-file path/to/input/plaintext \
--ciphertext-file path/to/output/ciphertext
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:
- $ gcloud kms encrypt $ gcloud beta kms encrypt