- Categories:
System functions (System Information)
SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD¶
Returns a Google Cloud gcloud command to obtain policy information for the Google Cloud Key Management Service for use with customer-managed keys.
You can use the policy information for your customer-managed keys with Tri-Secret Secure for Snowflake accounts on Google Cloud Platform.
Syntax¶
SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD()
Arguments¶
None.
Usage notes¶
This function is for use in Snowflake accounts on Google Cloud Platform only.
Only account administrators (i.e. users with the ACCOUNTADMIN role) or a role that is granted the MONITOR SECURITY privilege can call this function.
Examples¶
Return the gcloud command to obtain GCP KMS policy information for customer-managed keys. Note that the example gcloud command does not contain real option values, some of which are replaced by angle brackets.
For details about the gcloud command, see the documentation for gcloud kms.
select SYSTEM$GET_GCP_KMS_CMK_GRANT_ACCESS_CMD();
Returns:
gcloud kms keys add-iam-policy-binding <key-name> --project <project-id> --location <location> --keyring <key-ring> --member serviceAccount:<service-account-email> --role roles/cloudkms.cryptoKeyEncrypterDecrypter