gcloud_alpha_kms_keys_set-iam-policy (1)
NAME
- gcloud alpha kms keys set-iam-policy - set the IAM policy for a key
SYNOPSIS
-
gcloud alpha kms keys set-iam-policy (KEY : --keyring=KEYRING --location=LOCATION) POLICY_FILE [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Sets the IAM policy for the given key as defined in a JSON or YAML
See cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
POSITIONAL ARGUMENTS
-
-
Key resource - The key whose IAM policy to update. The arguments in this group
can be used to specify the attributes of this resource. (NOTE) Some attributes
are not given arguments in this group but can be set in other ways. To set the
[project] attribute: provide the argument [key] on the command line with a fully
specified name; provide the argument [--project] on the command line; set the
property [core/project]. This must be specified.
-
- KEY
-
ID of the key or fully qualified identifier for the key. This positional must be
specified if any of the other arguments in this group are specified.
- --keyring=KEYRING
-
The containing keyring.
- --location=LOCATION
-
The location of the key.
-
- POLICY_FILE
-
Path to a local JSON or YAML formatted file containing a valid policy.
The output of the get-iam-policy command is a valid file, as is any JSON or YAML file conforming to the structure of a Policy (cloud.google.com/iam/reference/rest/v1/Policy
-
Key resource - The key whose IAM policy to update. The arguments in this group
can be used to specify the attributes of this resource. (NOTE) Some attributes
are not given arguments in this group but can be set in other ways. To set the
[project] attribute: provide the argument [key] on the command line with a fully
specified name; provide the argument [--project] on the command line; set the
property [core/project]. This must be specified.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
API REFERENCE
This command uses the cloudkms/v1 API. The full documentation for this API can be found at: cloud.google.com/kms
EXAMPLES
The following command will read am IAM policy defined in a JSON file 'policy.json' and set it for the key frodo with the keyring fellowship and location global:
$ gcloud alpha kms keys set-iam-policy frodo policy.json \.RS 2m --keyring fellowship --location global
See cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:
- $ gcloud kms keys set-iam-policy $ gcloud beta kms keys set-iam-policy