CLI: Create Cryptographic Key on GCP KMS


  1. Create the target key ring.

> gcloud kms keyrings create <key-ring-name> --location <location>

[Figure: Google Cloud Keyring creation]

  2. Create the target key.

    1. Set the key's purpose:

      1. For a symmetric key, set the purpose to "encryption".

      2. For an asymmetric key, set the purpose to either "asymmetric-signing" or "asymmetric-encryption".

    2. Prevent an initial version from being created by using the --skip-initial-version-creation flag.

    3. Do not set the protection level.

      4. Do not specify an algorithm for the target key. Specify the algorithm of the imported key as part of the import request.

> gcloud kms keys create <key-name> --location <location> --keyring <key-ring-name> --purpose <purpose> --import-only --skip-initial-version-creation

[Figure: Creating imported key]

For imported keys, automatic rotation is disabled by default. If you enable automatic rotation, Cloud KMS generates new key versions itself, and after a rotation the imported key version is no longer the default (primary) key version.
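As an added example (not from this page or from Google's own tooling), the following Python helper builds the `gcloud kms keys create` line the procedure above requires, and audits `gcloud kms keys describe --format=json` output for the two properties that matter afterwards: the key is import-only, and rotation is still off so the imported version stays primary. The sample describe output is constructed; its field names are assumed to follow the CryptoKey resource (`importOnly`, `rotationPeriod`, `nextRotationTime`, `primary.importJob`).

```python
import json
import shlex

# Purposes the procedure allows for an imported key (gcloud --purpose values).
IMPORT_PURPOSES = {"encryption", "asymmetric-signing", "asymmetric-encryption"}

def key_create_command(key, location, keyring, purpose):
    """Build the `gcloud kms keys create` line the procedure requires:
    import-only, no initial version, no protection level, no algorithm."""
    if purpose not in IMPORT_PURPOSES:
        raise ValueError(f"purpose {purpose!r} is not valid for an imported key")
    return " ".join(shlex.quote(a) for a in [
        "gcloud", "kms", "keys", "create", key,
        "--location", location, "--keyring", keyring, "--purpose", purpose,
        "--import-only", "--skip-initial-version-creation",
    ])

def audit_imported_key(describe_json):
    """Return findings for `gcloud kms keys describe --format=json` output.
    An empty list means the key is import-only, rotation is still disabled,
    and (for a symmetric key) the primary version really was imported."""
    key = json.loads(describe_json)
    findings = []
    if not key.get("importOnly"):
        findings.append("key is not import-only; Cloud KMS may generate versions")
    if "rotationPeriod" in key or "nextRotationTime" in key:
        findings.append("automatic rotation is enabled; a generated version will "
                        "replace the imported one as primary on rotation")
    primary = key.get("primary")  # only present on ENCRYPT_DECRYPT keys
    if primary is not None and "importJob" not in primary:
        findings.append("primary version was generated in Cloud KMS, not imported")
    return findings

def sample_key(rotation_enabled):
    """Constructed describe output (assumed values) for a symmetric key whose
    primary version was imported; field names follow the CryptoKey resource."""
    key = {
        "name": "projects/p/locations/us/keyRings/kr/cryptoKeys/k",
        "purpose": "ENCRYPT_DECRYPT",
        "importOnly": True,
        "primary": {"name": "projects/p/locations/us/keyRings/kr/cryptoKeys/k/cryptoKeyVersions/1",
                    "state": "ENABLED",
                    "importJob": "projects/p/locations/us/keyRings/kr/importJobs/ij"},
    }
    if rotation_enabled:  # what enabling a rotation schedule later adds to the key
        key["rotationPeriod"] = "7776000s"
        key["nextRotationTime"] = "2030-01-01T00:00:00Z"
    return json.dumps(key)
```

Run `audit_imported_key` against the real describe output after the import job completes, and again whenever the key's settings change, since enabling rotation later silently displaces the imported version.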