gsutil compose error on bucket encrypted with customer managed keys

0
votes

I created a bucket encrypted with customer managed keys. I'm able to copy, move and cat files but when I try to execute:

gsutil compose gs://bucket/first_file.csv gs://bucket/second_file.csv gs://bucket/final_file.csv

I get the following error:

BadRequestException: 400 Component object (bucket/first_file.csv) is encrypted with a Cloud KMS key, which is not supported.

I tried with service login and user with different rights but error is always the same.

Documentation [https://cloud.google.com/storage/docs/gsutil/commands/compose][1] mentions only number of files as limitation.

What I'm missing? Is there a limitation on KMS keys compatible with gsutil compose?

1
google-cloud-storage

1 Answers

1
votes

As the error suggest and documented here, the compose operation currently does not support objects that are encrypted with a customer managed key.

"NOT use customer-managed encryption keys."

So, since you are using gsutil compose, this is the reason why you are getting that error message.

I'd recommend you to use Google Managed keys to avoid this issue.