Authentication Methods for K8s

Akeyless supports multiple options to authenticate your K8s cluster with Akeyless Vault.

Kubernetes Auth

👍

Did you know?

Native Kubernetes attributes such as namespace and pod_name can be leveraged as sub-claims for policy segregation when using Kubernetes Authentication.

To use K8s Auth method for authentication :

AKEYLESS_ACCESS_TYPE: "k8s"
AKEYLESS_ACCESS_ID: "p-XXXXX"
AKEYLESS_K8S_AUTH_CONF_NAME: "K8s_conf_name"

#you need to provide one of the following:
AKEYLESS_GW_CONFIG_URL: "http://Your-GW:18888"
or
AKEYLESS_API_GW_URL:  "https://Your-GW:8080"

📘

Zero Knowledge

While working with Customer Fragment for Zero-Knowledge set
AKEYLESS_API_GW_URL: "https://Your-GW:8080"

Universal Identity

AKEYLESS_ACCESS_TYPE: "universal_identity"
AKEYLESS_API_GW_URL: "https://Akeyless-gw-url" 
AKEYLESS_INIT_TOKEN: "<token>"

API Key

AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080" 
AKEYLESS_ACCESS_TYPE: "api_key"
AKEYLESS_API_KEY: "<acc_key>"
AKEYLESS_ACCESS_ID: "<acc_id>"

Azure Active Directory

AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080" 
AKEYLESS_ACCESS_TYPE: "azure_ad"
AKEYLESS_ACCESS_ID: "<acc_id>"
# optional
# AKEYLESS_AZURE_OBJ_ID: "<azure-object-id>"

AWS-IAM

AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080" 
AKEYLESS_ACCESS_TYPE: "aws_iam"
AKEYLESS_ACCESS_ID: "<acc_id>"

GCP Auth

AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080" 
AKEYLESS_ACCESS_TYPE: "gcp"
AKEYLESS_ACCESS_ID: "<acc_id>"
AKEYLESS_GCP_AUDIENCE: "akeyless.io"