gcloud builds submit --config cloudbuild.yaml
gcloud kms encrypt \
--location global \
--keyring [KEYRING] \
--key [KEY] \
--plaintext-file [FILE_TO_ENCRYPT] \
--ciphertext-file [NEW_FILE_NAME]
gcloud kms keys add-iam-policy-binding \
[KEY] --location=global --keyring=[KEYRING] \
--member=serviceAccount:[CLOUD_BUILD_SERVICE_ACCOUNT_EMAIL] \
--role=roles/cloudkms.cryptoKeyDecrypter
echo "text to encrypt" | gcloud kms encrypt \
--plaintext-file=- \
--ciphertext-file=- \
--location=global \
--keyring=[KEYRING] \
--key=[KEY] | base64