# vhsm transit

The `vhsm transit` command manages interactions with vHSM's Transit Secrets Engine, including importing and updating encryption keys.

### **Usage**

```sh
vhsm transit <subcommand> [options] [arguments]
```

Option flags for a given subcommand must be provided after the subcommand but before the arguments.

### **Subcommands**

| Command          | Description                                                                                             |
| ---------------- | ------------------------------------------------------------------------------------------------------- |
| `import`         | Imports a new encryption key into vHSM via the Transit BYOK mechanism. Fails if the key already exists. |
| `import-version` | Updates an existing key with a new version of the key material.                                         |

#### **Example 1: Import a new RSA key into Transit**

```sh
vhsm transit import transit/keys/test-key @test-key type=rsa-2048
```

**Output**

```
Retrieving transit wrapping key.
Wrapping source key with ephemeral key.
Encrypting ephemeral key with transit wrapping key.
Submitting wrapped key to vHSM transit.
Success!
```

#### **Example 2: Import a new version of an existing key**

```sh
vhsm transit import-version transit/keys/test-key @test-key-updated
```

**Output**

```
Retrieving transit wrapping key.
Wrapping source key with ephemeral key.
Encrypting ephemeral key with transit wrapping key.
Submitting wrapped key to vHSM transit.
Success!
```

### Options

| Options | Description                                                                                                             |
| ------- | ----------------------------------------------------------------------------------------------------------------------- |
| `PATH`  | The path to the transit key to import. Format: `<mount>/keys/<key-name>`. Use `-namespace=<ns>` to specify a namespace. |
| `KEY`   | The key material to import, encoded in Standard Base64. If `KEY` begins with `@`, it is treated as a file path on disk. |

This command does not have any unique flags and follows standard vHSM CLI conventions. Use `vhsm transit import -help` for additional details.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-transit.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.