mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 23:21:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/api-docs/secret/key-management/gcpkms.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

51 lines
2.7 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: GCP Cloud KMS - Key Management - Secrets Engines - HTTP API
description: The GCP Cloud KMS API documentation for the Key Management secrets engine.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# GCP Cloud KMS (API)
The Key Management secrets engine supports lifecycle management of keys in [GCP Cloud KMS](https://cloud.google.com/security-key-management)
[key rings](https://cloud.google.com/kms/docs/resource-hierarchy#key_rings). This is accomplished by
configuring a KMS provider resource with the `gcpckms` provider and other provider-specific parameter
values.
The following sections provide API documentation that is specific to GCP Cloud KMS.
## Create/Update KMS provider
This endpoint creates or updates a KMS provider. If a KMS provider with the given `name`
does not exist, it will be created. If the KMS provider exists, it will be updated with
the given parameter values.
| Method | Path |
| :----- | :------------------- |
| `POST` | `/keymgmt/kms/:name` |
### Parameters
- `name` `(string: <required>)` Specifies the name of the KMS provider to create or update.
This is provided as part of the request URL.
- `provider` `(string: <required>)` Specifies the name of a KMS provider that's external to
Vault. Must be set to `gcpckms`. Cannot be changed after creation.
- `key_collection` `(string: <required>)` Refers to the
[resource ID](https://cloud.google.com/kms/docs/resource-hierarchy#retrieve_resource_id)
of an existing GCP Cloud KMS [key ring](https://cloud.google.com/kms/docs/resource-hierarchy#key_rings).
Cannot be changed after creation.
- `credentials` `(map<string|string>: nil)` The credentials to use for authentication with GCP
Cloud KMS. Supplying values for this parameter is optional, as credentials may also be specified
as environment variables. See the [authentication](/vault/docs/secrets/key-management/gcpkms#authentication)
section for details on precedence.
- `service_account_file` `(string: <required>)` - The path to a Google service account key file. The
key file must be readable on the host that Vault server is running on. May also be provided by the
`GOOGLE_CREDENTIALS` environment variable or by
[application default credentials](https://cloud.google.com/docs/authentication/production).
Reference in New Issue View Git Blame Copy Permalink