HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/396/help/man/man1/gcloud_alpha_kms_ekm-connections_update.1
.TH "GCLOUD_ALPHA_KMS_EKM\-CONNECTIONS_UPDATE" 1



.SH "NAME"
.HP
gcloud alpha kms ekm\-connections update \- update an ekmconnection



.SH "SYNOPSIS"
.HP
\f5gcloud alpha kms ekm\-connections update\fR (\fIEKM_CONNECTION\fR\ :\ \fB\-\-location\fR=\fILOCATION\fR) [\fB\-\-endpoint\-filter\fR=\fIENDPOINT_FILTER\fR] [\fB\-\-hostname\fR=\fIHOSTNAME\fR] [\fB\-\-server\-certificates\-files\fR=[\fISERVER_CERTIFICATES\fR,...]] [\fB\-\-service\-directory\-service\fR=\fISERVICE_DIRECTORY_SERVICE\fR] [\fB\-\-crypto\-space\-path\fR=\fICRYPTO_SPACE_PATH\fR\ \fB\-\-key\-management\-mode\fR=\fIKEY_MANAGEMENT_MODE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR gcloud alpha kms ekm\-connections update can be used to update the
ekmconnection. Updates can be made to the ekmconnection's service resolver's
fields.



.SH "EXAMPLES"

The following command updates an ekm\-connection named \f5laplace\fR service
resolver's hostname within location \f5us\-east1\fR:

.RS 2m
$ gcloud alpha kms ekm\-connections update laplace \e
    \-\-location=us\-east1 \-\-hostname=newhostname.foo
.RE

The following command updates an ekm\-connection named \f5laplace\fR service
resolver's service_directory_service, endpoint_filter, hostname, and
server_certificates within location \f5us\-east1\fR:

.RS 2m
$ gcloud alpha kms ekm\-connections update laplace \e
    \-\-location=us\-east1 \-\-service\-directory\-service="foo" \e
    \-\-endpoint\-filter="foo > bar" \-\-hostname="newhostname.foo" \e
    \-\-server\-certificates\-files=foo.pem,bar.pem
.RE

The following command updates an ekm\-connection named \f5laplace\fR
key_management_mode within location \f5us\-east1\fR:

.RS 2m
$ gcloud alpha kms ekm\-connections update laplace \e
    \-\-location=us\-east1 \-\-key\-management\-mode=manual
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Ekmconnection resource \- The KMS ekm connection resource. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5ekm_connection\fR on the command line with a fully
specified name;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fIEKM_CONNECTION\fR

ID of the ekmconnection or fully qualified identifier for the ekmconnection.

To set the \f5ekmconnection\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5ekm_connection\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

The Google Cloud location for the ekmconnection.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5ekm_connection\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line.
.RE
.sp


.RE
.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-endpoint\-filter\fR=\fIENDPOINT_FILTER\fR

The filter applied to the endpoints of the resolved service. If no filter is
specified, all endpoints will be considered.

.TP 2m
\fB\-\-hostname\fR=\fIHOSTNAME\fR

The hostname of the EKM replica used at TLS and HTTP layers.

.TP 2m
\fB\-\-server\-certificates\-files\fR=[\fISERVER_CERTIFICATES\fR,...]

A list of filenames of leaf server certificates used to authenticate HTTPS
connections to the EKM replica in PEM format. If files are not in PEM, the
assumed format will be DER.

.TP 2m
\fB\-\-service\-directory\-service\fR=\fISERVICE_DIRECTORY_SERVICE\fR

The resource name of the Service Directory service pointing to an EKM replica.

.TP 2m

Specifies the key management mode for the EkmConnection and associated fields.


.RS 2m
.TP 2m
\fB\-\-crypto\-space\-path\fR=\fICRYPTO_SPACE_PATH\fR

Crypto space path for the EkmConnection. Required during EkmConnection creation
if \f5\-\-key\-management\-mode=cloud\-kms\fR.

.TP 2m
\fB\-\-key\-management\-mode\fR=\fIKEY_MANAGEMENT_MODE\fR

Key management mode of the ekm connection. An EkmConnection in \f5cloud\-kms\fR
mode means Cloud KMS will attempt to create and manage the key material that
resides on the EKM for crypto keys created with this EkmConnection. An
EkmConnection in \f5manual\fR mode means the external key material will not be
managed by Cloud KMS. Omitting the flag defaults to \f5manual\fR.
\fIKEY_MANAGEMENT_MODE\fR must be one of: \fBmanual\fR, \fBcloud\-kms\fR.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:

.RS 2m
$ gcloud kms ekm\-connections update
.RE

.RS 2m
$ gcloud beta kms ekm\-connections update
.RE
@ Telegram