luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Add managed key docs for gcp (#17280) 

* add managed key docs for gcp

* fix algorithm parameter

* add missing bracket
This commit is contained in:
Rachel Culpepper 2022-09-22 15:44:21 -04:00 committed by GitHub
parent 254608f579
commit b17ea8c6bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
website/content/api-docs/system/managed-keys.mdx
View File

@ -216,6 +216,39 @@ $ curl \
- `key_type` `(string: <required>)`: The type of key to use. At this time only supported value is `RSA`.
#### GCP Cloud KMS Parameters
- `credentials` `(string: <required>)`: The path of the credential file to use for authenticating to GCP.
This can also be provided in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
- `crypto_key` `(string: <required>)`: The name of the GCP Cloud KMS key. If there is no existing key
and `allow_generate_key` is `true`, Vault will generate a key with this name.
- `crypto_key_version` `(string: "1")`: The version of the key to use.
- `key_ring` `(string: <required>)`: The name of the key ring in GCP Cloud KMS.
- `project` `(string: <required>)`: The ID of the GCP project.
- `region` `(string: <required>)`: The region where the key ring was created. This can also be provided
with the `GOOGLE_REGION` environment variable.
- `algorithm` `(string: <required>)`: The signature algorithm to be used with the key. Supported
values for signature algorithms are:
- `EC_SIGN_P256_SHA256`
- `EC_SIGN_P384_SHA384`
- `EC_SIGN_P256_SHA256`
- `RSA_SIGN_PSS_2048_SHA256`
- `RSA_SIGN_PSS_3072_SHA256`
- `RSA_SIGN_PSS_4096_SHA256`
- `RSA_SIGN_PSS_4096_SHA512`
- `RSA_SIGN_PKCS1_2048_SHA256`
- `RSA_SIGN_PKCS1_3072_SHA256`
- `RSA_SIGN_PKCS1_4096_SHA256`
- `RSA_SIGN_PKCS1_4096_SHA512`
For more information, see the GCP Cloud KMS [documentation for signing algorithms](https://cloud.google.com/kms/docs/algorithms).
## Read managed key
This endpoint returns the managed key configuration at the given path.

4
website/content/docs/enterprise/managed-keys.mdx
View File

@ -37,8 +37,8 @@ as the Managed Key for which it intends to use.
## Backend Support
Managed Keys were developed to support different types of external backends. At
this time supported backends are PKCS#11, AWS KMS and Azure Key Vault.
Support for additional integrations may be added in the future.
this time supported backends are PKCS#11, AWS KMS, Azure Key Vault, and Google
Cloud KMS. Support for additional integrations may be added in the future.
## Secret and Auth Engine Support