confluent schema-registry kek create¶
Flags¶
--name string REQUIRED: Name of the Key Encryption Key (KEK).
--kms-type string REQUIRED: The type of Key Management Service (KMS), typically one of "AES128_GCM", "AES256_GCM", or "AES256_SIV". (default "aws-kms")
--kms-key-id string REQUIRED: The key ID of the Key Management Service (KMS).
--kms-properties strings A comma-separated list of additional properties (key=value) used to access the Key Management Service (KMS).
--doc string An optional user-friendly description for the Key Encryption Key (KEK).
--shared If the DEK Registry has shared access to the Key Management Service (KMS).
--context string CLI context name.
--environment string Environment ID.
-o, --output string Specify the output format as "human", "json", or "yaml". (default "human")
--name string REQUIRED: Name of the Key Encryption Key (KEK).
--kms-type string REQUIRED: The type of Key Management Service (KMS), typically one of "AES128_GCM", "AES256_GCM", or "AES256_SIV". (default "aws-kms")
--kms-key-id string REQUIRED: The key ID of the Key Management Service (KMS).
--kms-properties strings A comma-separated list of additional properties (key=value) used to access the Key Management Service (KMS).
--doc string An optional user-friendly description for the Key Encryption Key (KEK).
--shared If the DEK Registry has shared access to the Key Management Service (KMS).
--context string CLI context name.
--ca-location string File or directory path to CA certificates to authenticate the Schema Registry client.
--schema-registry-endpoint string The URL of the Schema Registry cluster.
-o, --output string Specify the output format as "human", "json", or "yaml". (default "human")
Global Flags¶
-h, --help Show help for this command.
--unsafe-trace Equivalent to -vvvv, but also log HTTP requests and responses which might contain plaintext secrets.
-v, --verbose count Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).
Examples¶
Create a KEK with a AWS KMS key:
confluent schema-registry kek create --name test --kms-type AWS_KMS --kms-key-id arn:aws:kms:us-west-2:037502941121:key/a1231e22-1n78-4l0d-9d50-9pww5faedb54 --kms-properties KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled
See Also¶
- confluent schema-registry kek - Manage Schema Registry Key Encryption Keys (KEKs).