Google Cloud KMS using IAM
# https://cloud.google.com/kms/docs/iam

# Add IAM policy binding to a specific KMS keyring with the cryptoKeyEncrypterDecrypter role
# (a binding on the keyring applies to every key in that keyring)
KEYRING=my_keyring_name
# The member value already carries its type prefix (serviceAccount:), so pass it as-is
USER_EMAIL=serviceAccount:example-compute@developer.gserviceaccount.com
gcloud kms keyrings add-iam-policy-binding "$KEYRING" --location global --member "$USER_EMAIL" --role roles/cloudkms.cryptoKeyEncrypterDecrypter

# Add IAM policy binding to a specific KMS key with the cryptoKeyEncrypterDecrypter role
KEY=my_key_name
KEYRING=my_keyring_name
USER_EMAIL=serviceAccount:example-compute@developer.gserviceaccount.com
gcloud kms keys add-iam-policy-binding "$KEY" --location global --keyring "$KEYRING" --member "$USER_EMAIL" --role roles/cloudkms.cryptoKeyEncrypterDecrypter

# Confirm IAM policy binding to the role
KEY=my_key_name
KEYRING=my_keyring_name
gcloud kms keys get-iam-policy "$KEY" --location global --keyring "$KEYRING"
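
A scripted version of the confirm step, added here as an example and not part of the original gist: it rejects a member string with a doubled type prefix (such as `user:serviceAccount:...`) and checks the key's policy for an exact role and member match. The function names and the sample policy lines are constructed for illustration; `--flatten` and `--format` are standard gcloud output flags.

```sh
#!/bin/sh
# Added example, not part of the gist. Sample policy lines are constructed.

# An IAM member carries exactly one type prefix; reject e.g. user:serviceAccount:...
valid_member() {
  case "$1" in
    user:*:*|serviceAccount:*:*|group:*:*) return 1 ;;
    user:?*@?*|serviceAccount:?*@?*|group:?*@?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read "ROLE<TAB>MEMBER" lines on stdin; succeed only on an exact role+member match.
has_binding() {
  want_role=$1; want_member=$2; found=1
  while IFS="$(printf '\t')" read -r role member; do
    if [ "$role" = "$want_role" ] && [ "$member" = "$want_member" ]; then
      found=0
    fi
  done
  return "$found"
}

# confirm_key_binding KEY KEYRING ROLE MEMBER  (needs gcloud; not run in the demo)
confirm_key_binding() {
  valid_member "$4" || { echo "malformed member: $4" >&2; return 2; }
  gcloud kms keys get-iam-policy "$1" --location global --keyring "$2" \
    --flatten="bindings[].members" \
    --format="value(bindings.role,bindings.members)" | has_binding "$3" "$4"
}

# Constructed sample of the flattened output, for an offline run.
SAMPLE_POLICY=$(printf '%s\t%s\n%s\t%s' \
  roles/cloudkms.cryptoKeyEncrypterDecrypter \
  serviceAccount:example-compute@developer.gserviceaccount.com \
  roles/cloudkms.admin user:admin@example.com)

if printf '%s\n' "$SAMPLE_POLICY" |
   has_binding roles/cloudkms.cryptoKeyEncrypterDecrypter \
     serviceAccount:example-compute@developer.gserviceaccount.com; then
  echo "binding present"
else
  echo "binding missing"
fi
```

The key-level check does not see roles inherited from the keyring or project, so a "missing" result here does not prove the member lacks access.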