API Key
API Key is a simple Authentication Method supported by the Akeyless Platform. API Keys are very popular primarily for testing or staging environments.
Create an API Key Authentication Method from the CLI
Let's create a new API Key authentication method using the Akeyless CLI. (You can do this also from the Akeyless Console.)
To create an API Key authentication method from the CLI, run the following command:
akeyless auth-method create api-key --name MyFirstAPIKey
Where:
name
: A unique name for the authentication method. The name can include the path to the virtual folder where you want to create the new authentication method, using slash/
separators. If the folder does not exist, it will be created together with the authentication method.
Warning
Akeyless API Key is displayed only once. Ensure saving it outside the CLI.
You can find the complete list of additional parameters for this command in the CLI Reference - Authentication section.
Configure Akeyless CLI with the API Key authentication method
To configure your CLI to work with API Key authentication, run the following command:
akeyless configure --profile default --access-id <Your API Key Auth AccessID> --access-key <Your API Key>
Create an API Key authentication method in the Akeyless Console
-
Log in to the Akeyless Console and go to Users & Auth Methods > New > API Key.
-
Define a Name for the authentication method, and specify the Location as a path to the virtual folder where you want to create the new authentication method, using slash
/
separators. If the folder does not exist, it will be created together with the authentication method. -
Define the remaining parameters as follows:
-
Expiration Date: Select the access expiration date. This parameter is optional. Leave it empty for access to continue without an expiration date.
-
Allowed Client IPs: Enter a comma-separated list of CIDR blocks from which the client can issue calls to the proxy. By "client," we mean CURL, SDK, etc. This parameter is optional. Leave it empty for unrestricted access.
-
Allowed Trusted Gateway IPs: Comma separated CIDR blocks. If specified, the Gateway using this IP range will be trusted to forward the original client IP. If empty, the Gateway's IP address will be used.
-
Audit Log Sub Claims: Enter a comma-separated list of sub-claims keys to be included in the audit logs.
-
Click Finish.
-
Download a CSV file with the Access ID and Access Key, or send them by email.
Tutorial
Check out our tutorial video on Authentication Methods and API Key Authentication.
Updated about 1 month ago
Make sure to associate your new Authentication Method with an Access Role to grant the relevant permissions within Akeyless.