Google states the advantage of using their Key Management System (KMS) to deliver hardware key security with HSM is that you can use an EV code signing certificate in CI (for example, in GitHub actions).
When importing a code signing key to Google KSM, it is required that the key is "wrapped" using their downloaded wrapping key.
What is the process for wrapping the key and which file is supposed to be used for this process?
