From 51ac28656efa4c64698a33324e33e6b5c6d43f29 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Fri, 29 Jan 2021 16:11:25 -0800
Subject: [PATCH] Fix protection level for host keys in cloudkms script.

Fixes #460
---
 cmd/step-cloudkms-init/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/step-cloudkms-init/main.go b/cmd/step-cloudkms-init/main.go
index d23a31e9..69573c5d 100644
--- a/cmd/step-cloudkms-init/main.go
+++ b/cmd/step-cloudkms-init/main.go
@@ -234,7 +234,7 @@ func createSSH(c *cloudkms.CloudKMS, project, location, keyRing string, protecti
 	resp, err = c.CreateKey(&apiv1.CreateKeyRequest{
 		Name:               parent + "/ssh-host-key",
 		SignatureAlgorithm: apiv1.ECDSAWithSHA256,
-		ProtectionLevel:    apiv1.Software,
+		ProtectionLevel:    protectionLevel,
 	})
 	if err != nil {
 		return err