Add managed key docs for gcp (#17280)

* add managed key docs for gcp

* fix algorithm parameter

* add missing bracket
This commit is contained in:
Rachel Culpepper 2022-09-22 15:44:21 -04:00 committed by GitHub
parent 4a4fa72ff3
commit 6fc6bb1bb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 3 deletions

@ -216,6 +216,39 @@ $ curl \
- `key_type` `(string: <required>)`: The type of key to use. At this time only supported value is `RSA`. - `key_type` `(string: <required>)`: The type of key to use. At this time only supported value is `RSA`.
#### GCP Cloud KMS Parameters
- `credentials` `(string: <required>)`: The path of the credential file to use for authenticating to GCP.
This can also be provided in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
- `crypto_key` `(string: <required>)`: The name of the GCP Cloud KMS key. If there is no existing key
and `allow_generate_key` is `true`, Vault will generate a key with this name.
- `crypto_key_version` `(string: "1")`: The version of the key to use.
- `key_ring` `(string: <required>)`: The name of the key ring in GCP Cloud KMS.
- `project` `(string: <required>)`: The ID of the GCP project.
- `region` `(string: <required>)`: The region where the key ring was created. This can also be provided
with the `GOOGLE_REGION` environment variable.
- `algorithm` `(string: <required>)`: The signature algorithm to be used with the key. Supported
values for signature algorithms are:
- `EC_SIGN_P256_SHA256`
- `EC_SIGN_P384_SHA384`
- `EC_SIGN_P256_SHA256`
- `RSA_SIGN_PSS_2048_SHA256`
- `RSA_SIGN_PSS_3072_SHA256`
- `RSA_SIGN_PSS_4096_SHA256`
- `RSA_SIGN_PSS_4096_SHA512`
- `RSA_SIGN_PKCS1_2048_SHA256`
- `RSA_SIGN_PKCS1_3072_SHA256`
- `RSA_SIGN_PKCS1_4096_SHA256`
- `RSA_SIGN_PKCS1_4096_SHA512`
For more information, see the GCP Cloud KMS [documentation for signing algorithms](https://cloud.google.com/kms/docs/algorithms).
## Read managed key ## Read managed key
This endpoint returns the managed key configuration at the given path. This endpoint returns the managed key configuration at the given path.
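Review bot: the `algorithm` value list repeats `EC_SIGN_P256_SHA256` (it appears as both the first and third EC entry), so one of the two is either a copy-paste duplicate or stands in for a different curve; GCP Cloud KMS also lists `EC_SIGN_SECP256K1_SHA256`, so either substitute the intended value or drop the repeat, and re-check the whole list against the linked algorithms page before merging. Two smaller points in the same hunk: the supported-values list should be indented under the `algorithm` bullet so it renders as a sub-list rather than as sibling parameters, and `allow_generate_key`, which the `crypto_key` description relies on, is not documented in this hunk, so confirm it is covered by the common parameters above.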

@ -13,7 +13,7 @@ external to Vault, when handling, storing, and interacting with
private key material, or are required to do so by standards requirements. private key material, or are required to do so by standards requirements.
To satisfy these requirements, Vault has a centralized abstraction called To satisfy these requirements, Vault has a centralized abstraction called
*Managed Keys* that different secrets engines can plug into, allowing them to *Managed Keys* that different secrets engines can plug into, allowing them to
delegate these operations to a trusted external KMS. delegate these operations to a trusted external KMS.
Minimally, a managed key consists of a named managed key entry managed by the Minimally, a managed key consists of a named managed key entry managed by the
@ -37,8 +37,8 @@ as the Managed Key for which it intends to use.
## Backend Support ## Backend Support
Managed Keys were developed to support different types of external backends. At Managed Keys were developed to support different types of external backends. At
this time supported backends are PKCS#11, AWS KMS and Azure Key Vault. this time supported backends are PKCS#11, AWS KMS, Azure Key Vault, and Google
Support for additional integrations may be added in the future. Cloud KMS. Support for additional integrations may be added in the future.
## Secret and Auth Engine Support ## Secret and Auth Engine Support