Add a Static Secret to an Access Role

Access roles provide clients with permission to work with secrets. When you add a secret to a role, you can specify exactly which CRUD operations clients can perform for that secret.

👍

Info

By default, the account owner has privilege permissions in Akeyless. Managing users' access roles and permissions can be done using Akeyless Vault Platform Authentication Methods with Access Roles to grant users the minimum permissions they need.

Add a Static Secret to a Role from the Akeyless CLI

Let’s add a static secret to an existing role using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

The CLI command to add a secret to a role is:

akeyless set-role-rule \
  --role-name <role name> \
  --path <secret name with path> \
  --capability <read|create|update|delete|list|deny> \
  --rule-type item-rule

where:

  • role-name: The name of the role to which to add the static secret.

  • path: The full path to the static secret.

  • capability: A CRUD operation clients associated with the role can perform for the secret. Each capability argument can include a single permission, either Read, Create, Update, Delete, List, or Deny. Use multiple capability arguments to assign multiple permissions.

  • rule type: item-rule.

For example, to add the AdminCredentials secret in the Admin folder to the SystemAdmin access role, also in the Admin folder, with Read and List permissions, type:

akeyless set-role-rule \
  --role-name /Admin/SystemAdmin \
  --path /Admin/AdminCredentials \
  --capability read \
  --capability list \
  --rule-type item-rule

The response should be like this:

$ The requested rule was successfully set to the role /Admin/SystemAdmin

You can find the complete list of parameters for this command in the CLI Reference - Access Roles section.

Add a Static Secret to a Role from the Akeyless Console

Let’s add a static secret to a role from the Akeyless Console. If you’d prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Access Roles.

  2. Select the role to which you want to add the secret.

  3. Select the Secrets & Keys tab, then select Add.

  4. In the Associate Rules of Secrets & Keys dialog box, in the Restrict to the following path field, enter the full path to the static secret.

  5. From the Allow the following actions options, select the CRUD operation(s) client associated with the role can perform for the secret.

👍

Deny overrides all other operations.

  1. Select Add.

Did this page help you?