Add managed key docs for gcp (#17280)

* add managed key docs for gcp * fix algorithm parameter * add missing bracket
2022-09-22 15:44:21 -04:00 · 2022-09-22 15:44:21 -04:00 · b17ea8c6bd
parent 254608f579
commit b17ea8c6bd
2 changed files with 36 additions and 3 deletions
--- a/website/content/api-docs/system/managed-keys.mdx
+++ b/website/content/api-docs/system/managed-keys.mdx
@ -216,6 +216,39 @@ $ curl \

 - `key_type` `(string: <required>)`: The type of key to use. At this time only supported value is `RSA`.

+#### GCP Cloud KMS Parameters
+
+- `credentials` `(string: <required>)`: The path of the credential file to use for authenticating to GCP.
+This can also be provided in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
+
+- `crypto_key` `(string: <required>)`: The name of the GCP Cloud KMS key. If there is no existing key
+and `allow_generate_key` is `true`, Vault will generate a key with this name.
+
+- `crypto_key_version` `(string: "1")`: The version of the key to use.
+
+- `key_ring` `(string: <required>)`: The name of the key ring in GCP Cloud KMS.
+
+- `project` `(string: <required>)`: The ID of the GCP project.
+
+- `region` `(string: <required>)`: The region where the key ring was created. This can also be provided
+with the `GOOGLE_REGION` environment variable.
+
+- `algorithm` `(string: <required>)`: The signature algorithm to be used with the key. Supported
+values for signature algorithms are:
+  - `EC_SIGN_P256_SHA256`
+  - `EC_SIGN_P384_SHA384`
+  - `EC_SIGN_P256_SHA256`
+  - `RSA_SIGN_PSS_2048_SHA256`
+  - `RSA_SIGN_PSS_3072_SHA256`
+  - `RSA_SIGN_PSS_4096_SHA256`
+  - `RSA_SIGN_PSS_4096_SHA512`
+  - `RSA_SIGN_PKCS1_2048_SHA256`
+  - `RSA_SIGN_PKCS1_3072_SHA256`
+  - `RSA_SIGN_PKCS1_4096_SHA256`
+  - `RSA_SIGN_PKCS1_4096_SHA512`
+
+  For more information, see the GCP Cloud KMS [documentation for signing algorithms](https://cloud.google.com/kms/docs/algorithms).
+
 ## Read managed key

 This endpoint returns the managed key configuration at the given path.
--- a/website/content/docs/enterprise/managed-keys.mdx
+++ b/website/content/docs/enterprise/managed-keys.mdx
@ -13,7 +13,7 @@ external to Vault, when handling, storing, and interacting with
 private key material, or are required to do so by standards requirements.

 To satisfy these requirements, Vault has a centralized abstraction called
-*Managed Keys* that different secrets engines can plug into, allowing them to 
+*Managed Keys* that different secrets engines can plug into, allowing them to
 delegate these operations to a trusted external KMS.

 Minimally, a managed key consists of a named managed key entry managed by the
@ -37,8 +37,8 @@ as the Managed Key for which it intends to use.
 ## Backend Support

 Managed Keys were developed to support different types of external backends. At
-this time supported backends are PKCS#11, AWS KMS and Azure Key Vault.
-Support for additional integrations may be added in the future.
+this time supported backends are PKCS#11, AWS KMS, Azure Key Vault, and Google
+Cloud KMS. Support for additional integrations may be added in the future.

 ## Secret and Auth Engine Support