Add a Static Secret to an Access Role

Access roles provide clients with permission to work with secrets. When you add a secret to a role, you can specify exactly which CRUD operations clients can perform for that secret.

Add a Static Secret to a Role from the Akeyless CLI

Let’s add a static secret to a role using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

The CLI command to add a secret to a role is:

$ akeyless set-role-rule \
  --role-name <role name> \
  --path <secret name with path> \
  --capability <read|create|update|delete|list|deny> \
  --rule-type item-rule
The requested rule was successfully set to the role <role name>

where:

  • role-name: The name of the role to which to add the static secret.
  • path: The full path to the static secret.
  • capability: A CRUD operation clients associated with the role can perform for the secret. Each capability argument can include a single permission, either Read, Create, Update, Delete, List, or Deny. Use multiple capability arguments to assign multiple permissions.
  • rule-type: item-rule.

For example, to add the AdminCredentials secret in the Admin folder to the SystemAdmin access role, also in the Admin folder, with Read and List permissions, type:

$ akeyless set-role-rule \
  --role-name /Admin/SystemAdmin \
  --path /Admin/AdminCredentials \
  --capability read \
  --capability list \
  --rule-type item-rule
The requested rule was successfully set to the role /Admin/SystemAdmin

Options

The full list of options for this command is:

  -r, --role-name                 *The role name to be updated
  -p, --path                      *The path the rule refers to
  -c, --capability                *List of the approved/denied capabilities in the path options: [read, create, update, delete, list, deny]
      --rule-type[=item-rule]      item-rule, target-rule, role-rule, auth-method-rule, search-rule, reports-rule
      --profile                    Use a specific profile from your akeyless/profiles/ folder
      --username                   Optional username for various authentication flows
      --password                   Optional password for various authentication flows
      --uid-token                  The universal identity token, Required only for universal_identity authentication
  -h, --help                       display help information
      --json[=false]               Set output format to JSON
      --no-creds-cleanup[=false]   Do not clean local temporary expired creds
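
A guard around the set-role-rule command above, as an added example that is not part of the Akeyless documentation: it checks each capability against the documented list, refuses a rule that mixes deny with other capabilities (Deny overrides all other operations), and passes one --capability flag per permission. The function name set_item_rule, the AKEYLESS_BIN variable, and the leading-slash check on the path are assumptions.

```shell
#!/bin/sh
# Added example. set_item_rule and AKEYLESS_BIN are hypothetical names, not part of the CLI.
# Usage: set_item_rule <role name> <secret path> <capability>...

set_item_rule() {
    if [ "$#" -lt 3 ]; then
        echo "usage: set_item_rule <role> <path> <capability>..." >&2
        return 2
    fi
    role=$1; item_path=$2; shift 2

    # Assumption: a "full path" starts at the root folder, as /Admin/AdminCredentials does.
    case $item_path in
        /*) ;;
        *) echo "path must be a full path: $item_path" >&2; return 2 ;;
    esac

    caps="" has_deny=0 has_allow=0
    for cap in "$@"; do
        # Accept Read/READ/read; the CLI option list is lowercase.
        cap=$(printf '%s' "$cap" | tr '[:upper:]' '[:lower:]')
        case $cap in
            read|create|update|delete|list) has_allow=1 ;;
            deny) has_deny=1 ;;
            *) echo "unknown capability: $cap" >&2; return 2 ;;
        esac
        case " $caps " in *" $cap "*) continue ;; esac   # drop duplicates
        caps="$caps $cap"
    done

    # Deny overrides all other operations, so the others in a mixed rule would have no effect.
    if [ "$has_deny" -eq 1 ] && [ "$has_allow" -eq 1 ]; then
        echo "deny overrides the other capabilities; pass deny alone or remove it" >&2
        return 3
    fi

    # One --capability flag per permission, passed as separate, quoted arguments.
    set -- --role-name "$role" --path "$item_path"
    for cap in $caps; do
        set -- "$@" --capability "$cap"
    done
    "${AKEYLESS_BIN:-akeyless}" set-role-rule "$@" --rule-type item-rule
}
```

Setting AKEYLESS_BIN=echo prints the command that would run, which is useful for reviewing a rule before applying it.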

Add a Static Secret to a Role from the Akeyless Console

Let’s add a static secret to a role from the Akeyless Console. If you’d prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Access Roles.

  2. Select the role to which you want to add the secret.

  3. Select the Secrets & Keys tab, then select Add.

  4. In the Associate Rules of Secrets & Keys dialog box, in the Restrict to the following path field, enter the full path to the static secret.

  5. From the Allow the following actions options, select the CRUD operation(s) that clients associated with the role can perform for the secret.

     Note: Deny overrides all other operations.

  6. Select Add.