File: //snap/google-cloud-cli/396/help/man/man1/gcloud_alpha_kms_encrypt.1
.TH "GCLOUD_ALPHA_KMS_ENCRYPT" 1
.SH "NAME"
.HP
gcloud alpha kms encrypt \- encrypt a plaintext file using a key
.SH "SYNOPSIS"
.HP
\f5gcloud alpha kms encrypt\fR \fB\-\-ciphertext\-file\fR=\fICIPHERTEXT_FILE\fR \fB\-\-plaintext\-file\fR=\fIPLAINTEXT_FILE\fR [\fB\-\-additional\-authenticated\-data\-file\fR=\fIADDITIONAL_AUTHENTICATED_DATA_FILE\fR] [\fB\-\-key\fR=\fIKEY\fR] [\fB\-\-keyring\fR=\fIKEYRING\fR] [\fB\-\-location\fR=\fILOCATION\fR] [\fB\-\-skip\-integrity\-verification\fR] [\fB\-\-version\fR=\fIVERSION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(ALPHA)\fR Encrypts the given plaintext file using the given CryptoKey and
writes the result to the named ciphertext file. The plaintext file must not be
larger than 64KiB.
If an additional authenticated data file is provided, its contents must also be
provided during decryption. The file must not be larger than 64KiB.
The flag \f5\-\-version\fR indicates the version of the key to use for
encryption. By default, the primary version is used.
If \f5\-\-plaintext\-file\fR or \f5\-\-additional\-authenticated\-data\-file\fR
is set to '\-', that file is read from stdin. Similarly, if
\f5\-\-ciphertext\-file\fR is set to '\-', the ciphertext is written to stdout.
By default, the command performs integrity verification on data sent to and
received from Cloud KMS. Use \f5\-\-skip\-integrity\-verification\fR to disable
integrity verification.
.SH "EXAMPLES"
The following command will read the file 'path/to/plaintext', encrypt it using
the CryptoKey \f5frodo\fR with the KeyRing \f5fellowship\fR and Location
\f5global\fR, and write the ciphertext to 'path/to/ciphertext'.
.RS 2m
$ gcloud alpha kms encrypt \-\-key=frodo \-\-keyring=fellowship \e
\-\-location=global \-\-plaintext\-file=path/to/input/plaintext \e
\-\-ciphertext\-file=path/to/output/ciphertext
.RE
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-ciphertext\-file\fR=\fICIPHERTEXT_FILE\fR
File path of the ciphertext file to output.
.TP 2m
\fB\-\-plaintext\-file\fR=\fIPLAINTEXT_FILE\fR
File path of the plaintext file to encrypt.
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-additional\-authenticated\-data\-file\fR=\fIADDITIONAL_AUTHENTICATED_DATA_FILE\fR
File path to the optional file containing the additional authenticated data.
.TP 2m
\fB\-\-key\fR=\fIKEY\fR
The key to use for encryption.
.TP 2m
\fB\-\-keyring\fR=\fIKEYRING\fR
Key ring of the key.
.TP 2m
\fB\-\-location\fR=\fILOCATION\fR
Location of the keyring.
.TP 2m
\fB\-\-skip\-integrity\-verification\fR
Skip integrity verification on request and response API fields.
.TP 2m
\fB\-\-version\fR=\fIVERSION\fR
Version to use for encryption.
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:
.RS 2m
$ gcloud kms encrypt
.RE
.RS 2m
$ gcloud beta kms encrypt
.RE