This template creates a Google Cloud KMS KeyRing and Keys.
- Install gcloud
- Create a GCP project, set up billing, enable requisite APIs
- Grant the cloudkms.admin IAM role to the Deployment Manager service account
See the properties section in the schema file(s):
- Clone the Deployment Manager samples repository

      git clone https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit

- Go to the dm directory

      cd cloud-foundation-toolkit/dm

- Copy the example DM config to be used as a model for the deployment, in this case examples/kms.yaml

      cp templates/kms/examples/kms.yaml my_kms.yaml

- Change the values in the config file to match your specific GCP setup. Refer to the properties in the schema files described above.

      vim my_kms.yaml # <== Replace all <FIXME:..> placeholders in this file

- Create your deployment as described below, replacing <YOUR_DEPLOYMENT_NAME> with your own deployment name

      gcloud deployment-manager deployments create <YOUR_DEPLOYMENT_NAME> \
          --config my_kms.yaml
Note: Once created, this deployment cannot be deleted. Refer to KMS Object Lifetime in the Resources section.
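Because the deployment cannot be deleted once created, it is worth gating the create step on a pre-flight check. The script below is an added example, not part of the toolkit: it refuses to proceed while `<FIXME:` placeholders remain in the config, grants `roles/cloudkms.admin` to the Deployment Manager service account (assumed here to be the project's Google APIs service agent, `<PROJECT_NUMBER>@cloudservices.gserviceaccount.com`), and creates the deployment in preview mode. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before an irreversible KMS deployment.
# Function names are hypothetical and not part of the toolkit.

# Print every line that still holds a <FIXME:...> placeholder.
# Returns 0 if the config is clean, 1 if placeholders remain, 2 if unreadable.
check_placeholders() {
  local config="$1"
  [ -r "$config" ] || { echo "cannot read $config" >&2; return 2; }
  if grep -n '<FIXME:' "$config"; then
    echo "unreplaced placeholders in $config" >&2
    return 1
  fi
  return 0
}

# Build the IAM member string for the Deployment Manager service account.
# Assumption: it is the Google APIs service agent, keyed by project NUMBER.
dm_member() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric" >&2; return 1 ;;
  esac
  printf 'serviceAccount:%s@cloudservices.gserviceaccount.com\n' "$1"
}

# Check the config, grant the role, then stage the deployment as a preview
# so no KeyRing or Key is created until the preview is reviewed.
preflight_and_preview() {
  local project_id="$1" project_number="$2" deployment="$3" config="$4"
  local member
  check_placeholders "$config" || return 1
  member="$(dm_member "$project_number")" || return 1
  gcloud projects add-iam-policy-binding "$project_id" \
    --member "$member" --role roles/cloudkms.admin || return 1
  gcloud deployment-manager deployments create "$deployment" \
    --config "$config" --preview
}

# Usage: ./preflight.sh <PROJECT_ID> <PROJECT_NUMBER> <YOUR_DEPLOYMENT_NAME> my_kms.yaml
if [ "$#" -eq 4 ]; then
  preflight_and_preview "$@"
fi
```

After reviewing the previewed resources, `gcloud deployment-manager deployments update <YOUR_DEPLOYMENT_NAME>` commits the preview.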