HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_beta_kms_ekm-connections_create.1
.TH "GCLOUD_BETA_KMS_EKM\-CONNECTIONS_CREATE" 1



.SH "NAME"
.HP
gcloud beta kms ekm\-connections create \- create a new ekm connection



.SH "SYNOPSIS"
.HP
\f5gcloud beta kms ekm\-connections create\fR (\fIEKM_CONNECTION\fR\ :\ \fB\-\-location\fR=\fILOCATION\fR) \fB\-\-hostname\fR=\fIHOSTNAME\fR \fB\-\-server\-certificates\-files\fR=[\fISERVER_CERTIFICATES\fR,...] \fB\-\-service\-directory\-service\fR=\fISERVICE_DIRECTORY_SERVICE\fR [\fB\-\-endpoint\-filter\fR=\fIENDPOINT_FILTER\fR] [\fB\-\-crypto\-space\-path\fR=\fICRYPTO_SPACE_PATH\fR\ \fB\-\-key\-management\-mode\fR=\fIKEY_MANAGEMENT_MODE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(BETA)\fR Creates a new connection within the given location.



.SH "EXAMPLES"

The following command creates an ekm connection named \f5laplace\fR within the
location \f5us\-central1\fR:

.RS 2m
$ gcloud beta kms ekm\-connections create laplace \e
    \-\-location=us\-central1 \-\-service\-directory\-service="foo" \e
    \-\-endpoint\-filter="foo > bar" \-\-hostname="hostname.foo" \e
    \-\-server\-certificates\-files=foo.pem,bar.pem
.RE

The following command creates an ekm connection named \f5laplace\fR within the
location \f5us\-central1\fR in \f5cloud\-kms\fR key management mode with the
required crypto\-space\-path :

.RS 2m
$ gcloud beta kms ekm\-connections create laplace \e
    \-\-location=us\-central1 \-\-service\-directory\-service="foo" \e
    \-\-endpoint\-filter="foo > bar" \-\-hostname="hostname.foo" \e
    \-\-key\-management\-mode=cloud\-kms \-\-crypto\-space\-path="foo" \e
    \-\-server\-certificates\-files=foo.pem,bar.pem
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Ekmconnection resource \- The KMS ekm connection resource. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5ekm_connection\fR on the command line with a fully
specified name;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fIEKM_CONNECTION\fR

ID of the ekmconnection or fully qualified identifier for the ekmconnection.

To set the \f5ekmconnection\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5ekm_connection\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

The Google Cloud location for the ekmconnection.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5ekm_connection\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line.
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-hostname\fR=\fIHOSTNAME\fR

The hostname of the EKM replica used at TLS and HTTP layers.

.TP 2m
\fB\-\-server\-certificates\-files\fR=[\fISERVER_CERTIFICATES\fR,...]

A list of filenames of leaf server certificates used to authenticate HTTPS
connections to the EKM replica in PEM format. If files are not in PEM, the
assumed format will be DER.

.TP 2m
\fB\-\-service\-directory\-service\fR=\fISERVICE_DIRECTORY_SERVICE\fR

The resource name of the Service Directory service pointing to an EKM replica.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-endpoint\-filter\fR=\fIENDPOINT_FILTER\fR

The filter applied to the endpoints of the resolved service. If no filter is
specified, all endpoints will be considered.

.TP 2m

Specifies the key management mode for the EkmConnection and associated fields.


.RS 2m
.TP 2m
\fB\-\-crypto\-space\-path\fR=\fICRYPTO_SPACE_PATH\fR

Crypto space path for the EkmConnection. Required during EkmConnection creation
if \f5\-\-key\-management\-mode=cloud\-kms\fR.

.TP 2m
\fB\-\-key\-management\-mode\fR=\fIKEY_MANAGEMENT_MODE\fR

Key management mode of the ekm connection. An EkmConnection in \f5cloud\-kms\fR
mode means Cloud KMS will attempt to create and manage the key material that
resides on the EKM for crypto keys created with this EkmConnection. An
EkmConnection in \f5manual\fR mode means the external key material will not be
managed by Cloud KMS. Omitting the flag defaults to \f5manual\fR.
\fIKEY_MANAGEMENT_MODE\fR must be one of: \fBmanual\fR, \fBcloud\-kms\fR.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in beta and might change without notice. These
variants are also available:

.RS 2m
$ gcloud kms ekm\-connections create
.RE

.RS 2m
$ gcloud alpha kms ekm\-connections create
.RE
@ Telegram