Authentication Methods for Kubernetes
Akeyless supports multiple options to authenticate your K8s cluster with Akeyless platform:
- Kubernetes (K8s) Auth
- Universal Identity (UID) Not supported by the External Secret Operator (ESO).
- API Key
- Cloud Authentication:
K8s Auth
Note
Native Kubernetes attributes such as
namespaceandpod_namecan be leveraged as sub-claims for policy segregation when using Kubernetes Authentication.
To use the K8s Auth method for authentication:
AKEYLESS_ACCESS_TYPE: "k8s"
AKEYLESS_ACCESS_ID: "<Access Id>"
AKEYLESS_K8S_AUTH_CONF_NAME: "K8s_conf_name"
#you need to provide one of the following:
AKEYLESS_GW_CONFIG_URL: "http://<Your-Akeyless-GW-URL:18888>"
or
AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
Zero-Knowledge
While working with Customer Fragment for Zero-Knowledge set:
AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
Universal Identity (UID)
To use UID Auth method for authentication:
AKEYLESS_ACCESS_TYPE: "universal_identity"
AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
AKEYLESS_INIT_TOKEN: "<token>"
API Key
To use API Key Auth method for authentication:
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
AKEYLESS_ACCESS_TYPE: "api_key"
AKEYLESS_API_KEY: "<Access Key>"
AKEYLESS_ACCESS_ID: "<Access Id>"
Cloud Authentication
Azure Active Directory (AD)
To use Azure AD Auth method for authentication:
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
AKEYLESS_ACCESS_TYPE: "azure_ad"
AKEYLESS_ACCESS_ID: "<Access Id>"
# optional
# AKEYLESS_AZURE_OBJ_ID: "<azure-object-id>"
AWS-IAM
To use AWS-IAM Auth method for authentication:
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
AKEYLESS_ACCESS_TYPE: "aws_iam"
AKEYLESS_ACCESS_ID: "<Access Id>"
GCP Auth
To use GCP Auth method for authentication:
AKEYLESS_URL: "https://vault.akeyless.io"
# to Work with Private GW
# AKEYLESS_API_GW_URL: "https://<Your-Akeyless-GW-URL:8080>"
AKEYLESS_ACCESS_TYPE: "gcp"
AKEYLESS_ACCESS_ID: "<Access Id>"
AKEYLESS_GCP_AUDIENCE: "akeyless.io"
Updated 4 months ago