# vhsm transit The `vhsm transit` command manages interactions with vHSM's Transit Secrets Engine, including importing and updating encryption keys. ### **Usage** ```sh vhsm transit [options] [arguments] ``` Option flags for a given subcommand must be provided after the subcommand but before the arguments. ### **Subcommands** | Command | Description | | ---------------- | ------------------------------------------------------------------------------------------------------- | | `import` | Imports a new encryption key into vHSM via the Transit BYOK mechanism. Fails if the key already exists. | | `import-version` | Updates an existing key with a new version of the key material. | #### **Example 1: Import a new RSA key into Transit** ```sh vhsm transit import transit/keys/test-key @test-key type=rsa-2048 ``` **Output** ``` Retrieving transit wrapping key. Wrapping source key with ephemeral key. Encrypting ephemeral key with transit wrapping key. Submitting wrapped key to vHSM transit. Success! ``` #### **Example 2: Import a new version of an existing key** ```sh vhsm transit import-version transit/keys/test-key @test-key-updated ``` **Output** ``` Retrieving transit wrapping key. Wrapping source key with ephemeral key. Encrypting ephemeral key with transit wrapping key. Submitting wrapped key to vHSM transit. Success! ``` ### Options | Options | Description | | ------- | ----------------------------------------------------------------------------------------------------------------------- | | `PATH` | The path to the transit key to import. Format: `/keys/`. Use `-namespace=` to specify a namespace. | | `KEY` | The key material to import, encoded in Standard Base64. If `KEY` begins with `@`, it is treated as a file path on disk. | This command does not have any unique flags and follows standard vHSM CLI conventions. Use `vhsm transit import -help` for additional details.