feat(kms): Add KMS under beta (#935)

Author: JanStern

docs/stackit_beta.md

@@ -42,5 +42,6 @@ stackit beta [flags]
 
 * [stackit](./stackit.md)	 - Manage STACKIT resources using the command line
 * [stackit beta alb](./stackit_beta_alb.md)	 - Manages application loadbalancers
+* [stackit beta kms](./stackit_beta_kms.md)	 - Provides functionality for KMS
 * [stackit beta sqlserverflex](./stackit_beta_sqlserverflex.md)	 - Provides functionality for SQLServer Flex
 

docs/stackit_beta_kms.md

@@ -0,0 +1,37 @@
+## stackit beta kms
+
+Provides functionality for KMS
+
+### Synopsis
+
+Provides functionality for KMS.
+
+```
+stackit beta kms [flags]
+```
+
+### Options
+
+```
+  -h, --help   Help for "stackit beta kms"
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta](./stackit_beta.md)	 - Contains beta STACKIT CLI commands
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+* [stackit beta kms keyring](./stackit_beta_kms_keyring.md)	 - Manage KMS key rings
+* [stackit beta kms version](./stackit_beta_kms_version.md)	 - Manage KMS key versions
+* [stackit beta kms wrapping-key](./stackit_beta_kms_wrapping-key.md)	 - Manage KMS wrapping keys
+

docs/stackit_beta_kms_key.md

@@ -0,0 +1,39 @@
+## stackit beta kms key
+
+Manage KMS keys
+
+### Synopsis
+
+Provides functionality for key operations inside the KMS
+
+```
+stackit beta kms key [flags]
+```
+
+### Options
+
+```
+  -h, --help   Help for "stackit beta kms key"
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms](./stackit_beta_kms.md)	 - Provides functionality for KMS
+* [stackit beta kms key create](./stackit_beta_kms_key_create.md)	 - Creates a KMS key
+* [stackit beta kms key delete](./stackit_beta_kms_key_delete.md)	 - Deletes a KMS key
+* [stackit beta kms key import](./stackit_beta_kms_key_import.md)	 - Import a KMS key
+* [stackit beta kms key list](./stackit_beta_kms_key_list.md)	 - List all KMS keys
+* [stackit beta kms key restore](./stackit_beta_kms_key_restore.md)	 - Restore a key
+* [stackit beta kms key rotate](./stackit_beta_kms_key_rotate.md)	 - Rotate a key
+

docs/stackit_beta_kms_key_create.md

@@ -0,0 +1,62 @@
+## stackit beta kms key create
+
+Creates a KMS key
+
+### Synopsis
+
+Creates a KMS key.
+
+```
+stackit beta kms key create [flags]
+```
+
+### Examples
+
+```
+  Create a symmetric AES key (AES-256) with the name "symm-aes-gcm" under the key ring "my-keyring-id"
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "aes_256_gcm" --name "symm-aes-gcm" --purpose "symmetric_encrypt_decrypt" --protection "software"
+
+  Create an asymmetric RSA encryption key (RSA-2048)
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "rsa_2048_oaep_sha256" --name "prod-orders-rsa" --purpose "asymmetric_encrypt_decrypt" --protection "software"
+
+  Create a message authentication key (HMAC-SHA512)
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "hmac_sha512" --name "api-mac-key" --purpose "message_authentication_code" --protection "software"
+
+  Create an ECDSA P-256 key for signing & verification
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "ecdsa_p256_sha256" --name "signing-ecdsa-p256" --purpose "asymmetric_sign_verify" --protection "software"
+
+  Create an import-only key (versions must be imported)
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "rsa_2048_oaep_sha256" --name "ext-managed-rsa" --purpose "asymmetric_encrypt_decrypt" --protection "software" --import-only
+
+  Create a key and print the result as YAML
+  $ stackit beta kms key create --keyring-id "my-keyring-id" --algorithm "rsa_2048_oaep_sha256" --name "yaml-output-rsa" --purpose "asymmetric_encrypt_decrypt" --protection "software" --output yaml
+```
+
+### Options
+
+```
+      --algorithm string     En-/Decryption / signing algorithm. Possible values: ["aes_256_gcm" "rsa_2048_oaep_sha256" "rsa_3072_oaep_sha256" "rsa_4096_oaep_sha256" "rsa_4096_oaep_sha512" "hmac_sha256" "hmac_sha384" "hmac_sha512" "ecdsa_p256_sha256" "ecdsa_p384_sha384" "ecdsa_p521_sha512"]
+      --description string   Optional description of the key
+  -h, --help                 Help for "stackit beta kms key create"
+      --import-only          States whether versions can be created or only imported
+      --keyring-id string    ID of the KMS key ring
+      --name string          The display name to distinguish multiple keys
+      --protection string    The underlying system that is responsible for protecting the key material. Possible values: ["symmetric_encrypt_decrypt" "asymmetric_encrypt_decrypt" "message_authentication_code" "asymmetric_sign_verify"]
+      --purpose string       Purpose of the key. Possible values: ["symmetric_encrypt_decrypt" "asymmetric_encrypt_decrypt" "message_authentication_code" "asymmetric_sign_verify"]
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+

docs/stackit_beta_kms_key_delete.md

@@ -0,0 +1,41 @@
+## stackit beta kms key delete
+
+Deletes a KMS key
+
+### Synopsis
+
+Deletes a KMS key inside a specific key ring.
+
+```
+stackit beta kms key delete KEY_ID [flags]
+```
+
+### Examples
+
+```
+  Delete a KMS key "MY_KEY_ID" inside the key ring "my-keyring-id"
+  $ stackit beta kms key delete "MY_KEY_ID" --keyring-id "my-keyring-id"
+```
+
+### Options
+
+```
+  -h, --help                Help for "stackit beta kms key delete"
+      --keyring-id string   ID of the KMS key ring where the key is stored
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+

docs/stackit_beta_kms_key_import.md

@@ -0,0 +1,46 @@
+## stackit beta kms key import
+
+Import a KMS key
+
+### Synopsis
+
+After encrypting the secret with the wrapping key’s public key and Base64-encoding it, import it as a new version of the specified KMS key.
+
+```
+stackit beta kms key import KEY_ID [flags]
+```
+
+### Examples
+
+```
+  Import a new version for the given KMS key "MY_KEY_ID" from literal value
+  $ stackit beta kms key import "MY_KEY_ID" --keyring-id "my-keyring-id" --wrapped-key "BASE64_VALUE" --wrapping-key-id "MY_WRAPPING_KEY_ID"
+
+  Import from a file
+  $ stackit beta kms key import "MY_KEY_ID" --keyring-id "my-keyring-id" --wrapped-key "@path/to/wrapped.key.b64" --wrapping-key-id "MY_WRAPPING_KEY_ID"
+```
+
+### Options
+
+```
+  -h, --help                     Help for "stackit beta kms key import"
+      --keyring-id string        ID of the KMS key ring
+      --wrapped-key string       The wrapped key material to be imported. Base64-encoded. Pass the value directly or a file path (e.g. @path/to/wrapped.key.b64)
+      --wrapping-key-id string   The unique id of the wrapping key the key material has been wrapped with
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+

docs/stackit_beta_kms_key_list.md

@@ -0,0 +1,44 @@
+## stackit beta kms key list
+
+List all KMS keys
+
+### Synopsis
+
+List all KMS keys inside a key ring.
+
+```
+stackit beta kms key list [flags]
+```
+
+### Examples
+
+```
+  List all KMS keys for the key ring "my-keyring-id"
+  $ stackit beta kms key list --keyring-id "my-keyring-id"
+
+  List all KMS keys in JSON format
+  $ stackit beta kms key list --keyring-id "my-keyring-id" --output-format json
+```
+
+### Options
+
+```
+  -h, --help                Help for "stackit beta kms key list"
+      --keyring-id string   ID of the KMS key ring where the key is stored
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+

docs/stackit_beta_kms_key_restore.md

@@ -0,0 +1,41 @@
+## stackit beta kms key restore
+
+Restore a key
+
+### Synopsis
+
+Restores the given key from deletion.
+
+```
+stackit beta kms key restore KEY_ID [flags]
+```
+
+### Examples
+
+```
+  Restore a KMS key "MY_KEY_ID" inside the key ring "my-keyring-id" that was scheduled for deletion.
+  $ stackit beta kms key restore "MY_KEY_ID" --keyring-id "my-keyring-id"
+```
+
+### Options
+
+```
+  -h, --help                Help for "stackit beta kms key restore"
+      --keyring-id string   ID of the KMS key ring where the key is stored
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+

docs/stackit_beta_kms_key_rotate.md

@@ -0,0 +1,41 @@
+## stackit beta kms key rotate
+
+Rotate a key
+
+### Synopsis
+
+Rotates the given key.
+
+```
+stackit beta kms key rotate KEY_ID [flags]
+```
+
+### Examples
+
+```
+  Rotate a KMS key "MY_KEY_ID" and increase its version inside the key ring "my-keyring-id".
+  $ stackit beta kms key rotate "MY_KEY_ID" --keyring-id "my-keyring-id"
+```
+
+### Options
+
+```
+  -h, --help                Help for "stackit beta kms key rotate"
+      --keyring-id string   ID of the KMS key ring where the key is stored
+```
+
+### Options inherited from parent commands
+
+```
+  -y, --assume-yes             If set, skips all confirmation prompts
+      --async                  If set, runs the command asynchronously
+  -o, --output-format string   Output format, one of ["json" "pretty" "none" "yaml"]
+  -p, --project-id string      Project ID
+      --region string          Target region for region-specific requests
+      --verbosity string       Verbosity of the CLI, one of ["debug" "info" "warning" "error"] (default "info")
+```
+
+### SEE ALSO
+
+* [stackit beta kms key](./stackit_beta_kms_key.md)	 - Manage KMS keys
+