application commands
security key-manager external gcp enable
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
Enable a Google Cloud KMS
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command enables the Google Cloud Key Management Service (GCKMS) associated with the given Vserver. A GCP project and GCKMS must be deployed on the GCP portal prior to running this command. GCKMS can ony be enabled on a data Vserver that doesn't already have a key manager configured. GCKMS cannot be enabled in a MetroCluster environment.
Parameters
-vserver <Vserver Name>- Vserver-
Use this parameter to specify the Vserver on which the GCKMS is to be enabled.
-project-id <text>- Google Cloud KMS Project(Application) ID-
Use this parameter to specify the project ID of the deployed GCP project.
-key-ring-name <text>- Google Cloud KMS Key Ring Name-
Use this parameter to specify the key ring name of the deployed GCP project.
-key-ring-location <text>- Google Cloud KMS Key Ring Location-
Use this parameter to specify the location of the key ring.
-key-name <text>- Google Cloud KMS Key Encryption Key Name-
Use this parameter to specify the key name of the GCKMS Key Encryption Key (KEK).
[-oauth-host <text>]- Open Authorization Host Name-
Use this parameter to specify the host name of the Open Authorization server.
[-oauth-url <text>]- Open Authorization URL-
Use this parameter to specify the URL of the Open Authorization access token.
Examples
The following example enables the GCKMS for Vserver v1. The parameters in the example command identify a Google Cloud Platform (GCP) project application deployed on the GCP. The GCP project application has a Project ID "test_project", a key ring name "key_ring_for_test_project", a key ring location "secure_location_for_key_ring", a key name "testKEK" and OAuth server at 10.12.34.1.
cluster-1::*> security key-manager external gcp enable -vserver v1 -project-id test_project -key-ring-name key_ring_for_test_project -key-ring-location secure_location_for_key_ring -key-name testKEK -oauth-host 10.12.34.1 Enter the contents of the Google Cloud Key Management Service account key file (json file): Press <Enter> when done