Categories:

System functions (System Information)

SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD

Returns a Google Cloud gcloud command to obtain policy information for the Google Cloud Key Management Service for use with customer-managed keys.

See also:

Understanding Encryption Key Management in Snowflake

Syntax

SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD()
Copy

Arguments

None.

Usage notes

  • This function is for use in Snowflake accounts on Google Cloud Platform only.

  • Only account administrators (i.e. users with the ACCOUNTADMIN role) or a role that is granted the MONITOR SECURITY privilege can call this function.

Examples

Return the gcloud command to obtain GCP KMS policy information for customer-managed keys. Note that the example gcloud command does not contain real option values, some of which are replaced by angle brackets.

For details about the gcloud command, see the documentation for gcloud kms (https://cloud.google.com/sdk/gcloud/reference/kms).

select SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD();
Copy

Returns:

gcloud kms keys add-iam-policy-binding <key-name> --project <project-id> --location <location> --keyring <key-ring> --member serviceAccount:<service-account-email> --role roles/cloudkms.cryptoKeyEncrypterDecrypter
Copy
Language: English