kms-key-ring
Config Connector compatible yaml files for creating a kms key ring and applying a role to it.
Download the package using kpt.
kpt pkg get https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit.git/config-connector/solutions/iam/kpt/kms-key-ring kms-key-ring
- A working Config Connector instance using the "cnrm-system" service
account with either
roles/cloudkms.adminorroles/ownerin the project managed by Config Connector. - Cloud Key Management Service (KMS) API enabled in the project where Config Connector is installed
- Cloud Key Management Service (KMS) API enabled in the project managed by Config Connector if it is a different project
| NAME | VALUE | SET BY | DESCRIPTION | COUNT |
|---|---|---|---|---|
| iam-member | ${IAM_MEMBER?} | PLACEHOLDER | member to grant role | 1 |
| location | us-central1 | package-default | location of key ring | 1 |
| ring-name | allowed-ring | package-default | name of key ring | 2 |
| role | roles/cloudkms.admin | package-default | IAM role to grant | 1 |
Set the IAM member that you would like to apply a role to.
kpt cfg set . iam-member user:name@example.com
Optionally set the name of the KMS keyring (defaults to allowed-ring).
kpt cfg set . ring-name your-ring-name
Optionally set the IAM role to grant (defaults to roles/cloudkms.admin).
kpt cfg set . role roles/cloudkms.importer
Optionally set the location of the ring (defaults to us-central1)
kpt cfg set . location us-west1
Apache 2.0 - See LICENSE for more information.