CLI: Importing Wrapped Key to GCP KMS


  1. To import your WrappedKey.byok into GCP KMS, use the following command.

›_ Console

> gcloud kms keys versions import --import-job <import-job> --location <location> --keyring <key-ring-name> --key <KEY_NAME> --algorithm <algorithm-name> --wrapped-key-file <path-to-WrappedKey.byok>

Importing wrapped key file

The key-import request is initiated. The initial state for an imported key is PENDING_IMPORT. When the state is ENABLED, the key has been imported successfully. If the import fails, the status is IMPORT_FAILED.

  2. List the key's versions and verify the status of the imported version.

›_ Console

> gcloud kms keys versions list --keyring <key-ring-name> --location <location> --key <KEY_NAME>



Verifying key version and status

  3. To set this key version as primary, use the following command.

›_ Console

> gcloud kms keys set-primary-version <KEY_NAME> --location=<location> --keyring=<key-ring-name> --version=<version_number>

Setting imported key version as primary
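
The steps above combined into one guarded script, as an added example that is not part of the original documentation: it polls the imported version's state and runs set-primary-version only once that state is ENABLED, so a version still in PENDING_IMPORT or in IMPORT_FAILED is never promoted. The function names and the POLL_SECONDS and MAX_POLLS variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, POLL_SECONDS
# and MAX_POLLS are illustrative assumptions.
# Usage after sourcing: promote_if_imported <version> <KEY_NAME> <key-ring-name> <location>

POLL_SECONDS="${POLL_SECONDS:-5}"   # delay between state checks
MAX_POLLS="${MAX_POLLS:-60}"        # give up after this many checks

# Print the state of one key version: PENDING_IMPORT, ENABLED, IMPORT_FAILED, ...
# args: version key keyring location
get_state() {
  gcloud kms keys versions describe "$1" \
    --key "$2" --keyring "$3" --location "$4" --format="value(state)"
}

# Poll until the import settles.
# Returns 0 on ENABLED, 1 on IMPORT_FAILED or any other unexpected state,
# 2 if the version is still PENDING_IMPORT after MAX_POLLS checks.
wait_for_import() {
  _i=0
  while [ "$_i" -lt "$MAX_POLLS" ]; do
    _state="$(get_state "$@")" || return 1
    case "$_state" in
      ENABLED)        return 0 ;;
      PENDING_IMPORT) sleep "$POLL_SECONDS" ;;
      *)              echo "import not usable: state=$_state" >&2; return 1 ;;
    esac
    _i=$((_i + 1))
  done
  echo "timed out waiting in PENDING_IMPORT" >&2
  return 2
}

# Make the version primary only after the import is confirmed ENABLED.
# args: version key keyring location
promote_if_imported() {
  wait_for_import "$@" || return $?
  gcloud kms keys set-primary-version "$2" \
    --location="$4" --keyring="$3" --version="$1"
}
```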