Breadcrumbs

CLI


  1. To create an import job, follow the steps as described below:

    1. Use the same key ring and location as the target key.

    2. Set the protection level to either software or hsm.

    3. Set the import method to either rsa-oaep-3072-sha256-aes-256 or rsa-oaep-4096-sha256-aes-256.

›_ Console 

> gcloud kms import-jobs create <import-job> --location <location> --keyring

<key-ring-name> --import-method <import-method> --protection-level

<protection-level>
tmpdx1zenmq.jpg

Creating import job

  1. To verify that the import job is active, run the following command.

›_ Console 

> gcloud kms import-jobs describe <import-job> --location <location> --keyring

<key-ring-name> --format="value(state)"
tmpgqv69yi3.jpg

Verifying import job status

  1. Run the following command to save the public key of the import job.

›_ Console 

> gcloud kms import-jobs describe --location=<location> --keyring=<keyring> --format="value(publicKey.pem)" <import-job-name> > wrapping-key.pem
tmpg5keld4j.jpg

Downloading wrapping key