This page describes how to update the Google Cloud CLI to enable support forautomatically wrapping keys for secure import into Cloud Key Management Service, byinstalling thePyca cryptography library. Version 2.2.0or higher adds support for the required aes_key_wrap_with_padding
wrappingmechanism.
Before you begin
- Install or upgrade the Google Cloud CLI to version 253.0.0 orhigher.
- Install the
pip
command if possible.pip
is the platform-independentcommand-line interface to thePython Package Index. Thepackage manager provided by your operating system may not provide version2.2.0 or higher of the Pyca cryptographic library.
Installing and using pip
You can install and use pip
on Linux, macOS, or Windows systems.
This command installs the library into your user environment, specifying theminimum version to install. To install system-wide, omit the--user
flag. You may need to install pip
as a privileged user.
pip install --user "cryptography>=2.2.0"
After installing the Pyca cryptographic libraries, you mustenable site packages so the gcloud CLI can usethe libraries.
Installing on Linux using a package manager
Follow these instructions on Linux systems if you can't use the pip
command.
Debian or Ubuntu
If you use a system based on Debian or Ubuntu, you can install the Pycacryptographic library using the apt-get
command.
Check the versions of the
python-cryptography
package available in thepackage database. Version 2.2.0 or higher is required.apt policy python-cryptography
Install the package.
sudo apt-get install python-cryptography
If necessary, specify the version to install.
sudo apt-get install python-cryptography=version
After installing the Pyca cryptographic libraries, you mustenable site packages so the gcloud CLI can usethe libraries.
Red Hat, CentOS, or SUSE
If your system uses RPMs for package management, you can install the Pycacrytographic library using the yum
command.
Check the versions of
python-cryptography
available in the packagedatabase. Version 2.2.0 or higher is required.yum --showduplicates list python2-cryptography
Install the package.
sudo yum install python2-cryptography
If necessary, specify the version to install.
sudo yum install python2-cryptography-version
After installing the Pyca cryptographic libraries, you mustenable site packages so the gcloud CLI can usethe libraries.
Enabling site packages
By default, the Google Cloud CLI ignores Python libraries installed on your localsystem. To allow the Google Cloud CLI to use the Pyca cryptographic library, youneed to enable site packages.
To enable site packages, set theCLOUDSDK_PYTHON_SITEPACKAGES
environment variable to 1
. With site packagesenabled, the gcloud CLI can use extra libraries outside of thegoogle-cloud-sdk/lib
directory.
Linux
export CLOUDSDK_PYTHON_SITEPACKAGES=1
macOS
export CLOUDSDK_PYTHON_SITEPACKAGES=1
Windows
set CLOUDSDK_PYTHON_SITEPACKAGES=1
Enabling site packages may cause some gcloud CLI commands to fail.It is recommended that you disable site packagesafter importing your keys.
Disabling site packages
After you finish importing keys, it is recommended that you disable sitepackages on systems where you use the gcloud CLI. To disable sitepackages, set CLOUDSDK_PYTHON_SITEPACKAGES
to 0
.
Linux
export CLOUDSDK_PYTHON_SITEPACKAGES=0
macOS
export CLOUDSDK_PYTHON_SITEPACKAGES=0
Windows
set CLOUDSDK_PYTHON_SITEPACKAGES=0
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-12 UTC.
[{ "type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]