The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.


Access Resources Remotely

Depending on the resource type, you can securely access resources in the following ways:

Connect from the Secure Remote Access Portal

The default authentication method for logging in to the Secure Remote Access Portal is Security Assertion Markup Language (SAML). For details about integrating your SAML authentication with the Akeyless Vault Platform, see here.

  1. Go to
  1. In the SAML Access ID field, enter your SAML username.

  2. (Optional) If your system includes a customer fragment, in the Akeyless Gateway URL field, enter your Akeyless Gateway URL on port 8080.

  3. (Optional) If you are connecting to database, SSH, or RabbitMQ resources, in the Web Client URL field, enter the URL of your Basic Bastion.

  4. (Optional) If you are connecting to applications using Web Access in Isolated mode, in the Web Access Dispatcher URL field, enter the URL of your Web Access Bastion.

  5. Select Sign in.
    The portal shows all the supported resource types. The number of resources of a particular type that you are authorized to access appears in the top-right corner of the resource tile. If no number appears for a resource, you are not authorized to access any resources of that type.


To simplify login, after you enter all the required information but before you sign in, select Generate SAML Bookmark URL to create a link to the completed form. The link is copied to your clipboard for you to save in a convenient place, such as your browser bookmarks, and use in the future to automatically complete the login details.

Connect from a UNIX Terminal

Akeyless Sphere provides you with secure CLI access to resources from any UNIX terminal. Akeyless Sphere supports native CLI, as well as Secure Copy Protocol (SCP) for secured copy support.


To use Akeyless Sphere you need:

Set Up Akeyless Sphere

  1. Download the Akeyless Sphere script to the /usr/local/bin directory, and ensure that it has execution permissions.

  2. Create a resource file called ~/.akeyless-sphere.rc as follows:

identity_file=""  # optioanl, identity file for ssh connection
cert_issuer_name="/path/to/cert-issuer" # mandatory, path to cert issuer item
profile="your-profile" # optional, akeyless profile to use (if not provided, 'default' profile is used)


From Windows 10, the Windows subsystem for Linux feature enables you to use your Windows OS environment as a UNIX-like system. To work with Akeyless Sphere from a Windows machine, place the .akeyless-sphere.rc script in your home directory.

  1. Use the akeyless-sphere script to connect to a resource through the Professional Bastion:
akeyless-sphere <[[email protected]]target/hostname/ip[:port]> [--name /path/to/producer] via <bastion-hostname/ip[:port]>
akeyless-sphere us-east-2 --name "/path/to/AWS-producer" via akeyless-bastion-host[:bastion-port]
akeyless-sphere <cluster endpoint without https:// > --name <dynamic-secret-name> via <bastion-address:port>
akeyless-sphere mysql-db-hostname:3306 --name "/path/to/mysql-producer" via akeyless-bastion-host:2222
akeyless-sphere --name "/path/to/MongoDB-producer" via akeyless-bastion-host:2222
akeyless-sphere [email protected] via akeyless-bastion-host:2222
akeyless-sphere <cluster endpoint without https:// > --name <dynamic-secret-name> via <bastion-address:port>

Once you are logged in, the Akeyess logo appears in the terminal.

Legacy Mode

To support legacy applications, Akeyless enables a hybrid mode based on SSH certificates and SSH keys. When a user accesses a legacy resource, the platform uses an SSH certificate to connect to the Professional Bastion. The Professional Bastion in turn uses your SSH key or password to connect to the legacy resource.


There are risks to SSH password authentication. Ensure you are connecting to the correct resource.

  1. Create a static secret in Akeyless Vault, the value of which is your SSH private key or SSH password.

  2. Run the update-item command to enable either the ssh-password or ssh-private-key mode to the secret.

$ akeyless update-item --name <Path/to/static/secret> /
--secure-access-enable true /
--secure-access-ssh-creds  <[password/private-key> /
--secure-access-bastion-issuer </Path/of/SSH Cert Issuer> /
--secure-access-host <Target SSH server >
$ akeyless update-item --name <static secret name> /
--add-tag ssh-private-key

Updated a day ago

Access Resources Remotely

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.