gcloud alpha compute disks update-kms-key

NAME
gcloud alpha compute disks update-kms-key - update the KMS key of a persistent disk
SYNOPSIS
gcloud alpha compute disks update-kms-key DISK_NAME [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT] [--region=REGION     | --zone=ZONE] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) * gcloud alpha compute disks update-kms-key * updates the KMS key of a Compute Engine persistent disk by rotating it to the primary version of the key or to the primary version of a new KMS key.
EXAMPLES
To rotate the KMS key of a disk named example-disk-1 to the primary version, run: 
gcloud alpha compute disks update-kms-key example-disk-1 --zone us-central1-a

To change the KMS key of a disk named example-disk-2 to a new KMS key named example-key in a key ring named example-key-ring in the global scope, run: 

gcloud alpha compute disks update-kms-key example-disk-2 --zone us-central1-a --kms-key example-key --kms-keyring example-key-ring --kms-location global
POSITIONAL ARGUMENTS
DISK_NAME
Name of the disk to operate on.
FLAGS
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be used to protect the disk. The 'Compute Engine Service Agent' service account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in this group can be used to specify the attributes of this resource.
--kms-key=KMS_KEY
ID of the key or fully qualified identifier for the key.

To set the kms-key attribute:

  • provide the argument --kms-key on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--kms-keyring=KMS_KEYRING
The KMS keyring of the key.

To set the kms-keyring attribute:

  • provide the argument --kms-key on the command line with a fully specified name;
  • provide the argument --kms-keyring on the command line.
--kms-location=KMS_LOCATION
The Google Cloud location for the key.

To set the kms-location attribute:

  • provide the argument --kms-key on the command line with a fully specified name;
  • provide the argument --kms-location on the command line;
  • provide the argument --region on the command line.
--kms-project=KMS_PROJECT
The Google Cloud project for the key.

To set the kms-project attribute:

  • provide the argument --kms-key on the command line with a fully specified name;
  • provide the argument --kms-project on the command line;
  • set the property core/project.
At most one of these can be specified:
--region=REGION
Region of the disk to operate on. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property: 

gcloud config set compute/region REGION

A list of regions can be fetched by running: 

gcloud compute regions list

To unset the property, run: 

gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

--zone=ZONE
Zone of the disk to operate on. If not specified and the compute/zone property isn't set, you might be prompted to select a zone (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/zone property: 

gcloud config set compute/zone ZONE

A list of zones can be fetched by running: 

gcloud compute zones list

To unset the property, run: 

gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.