Authentication Methods for K8s
Akeyless supports multiple options to authenticate your K8s cluster with Akeyless Vault.
Did you know?
Native Kubernetes attributes such as
namespace
andpod_name
can be leveraged as sub-claims for policy segregation when using Kubernetes Authentication.
To use K8s Auth method for authentication :
AKEYLESS_ACCESS_TYPE: "k8s"
AKEYLESS_ACCESS_ID: "p-XXXXX"
AKEYLESS_K8S_AUTH_CONF_NAME: "K8s_conf_name"
#you need to provide one of the following:
AKEYLESS_GW_CONFIG_URL: "http://Your-GW:18888"
or
AKEYLESS_API_GW_URL: "https://Your-GW:8080"
Zero Knowledge
While working with Customer Fragment for Zero-Knowledge set
AKEYLESS_API_GW_URL: "https://Your-GW:8080"
AKEYLESS_ACCESS_TYPE: "universal_identity"
AKEYLESS_API_GW_URL: "https://Akeyless-gw-url"
AKEYLESS_INIT_TOKEN: "<token>"
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080"
AKEYLESS_ACCESS_TYPE: "api_key"
AKEYLESS_API_KEY: "<acc_key>"
AKEYLESS_ACCESS_ID: "<acc_id>"
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080"
AKEYLESS_ACCESS_TYPE: "azure_ad"
AKEYLESS_ACCESS_ID: "<acc_id>"
# optional
# AKEYLESS_AZURE_OBJ_ID: "<azure-object-id>"
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080"
AKEYLESS_ACCESS_TYPE: "aws_iam"
AKEYLESS_ACCESS_ID: "<acc_id>"
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://Akeyless.GW.URL:8080"
AKEYLESS_ACCESS_TYPE: "gcp"
AKEYLESS_ACCESS_ID: "<acc_id>"
AKEYLESS_GCP_AUDIENCE: "akeyless.io"
Updated 5 months ago