Bulk Operations

Delete items

This command deletes an entire items folder with its contents.
The user running the command needs Get, List and Delete permissions on the designated path and, recursively, on each item inside it.

Only items that are visible to the user performing the action are deleted. However, if the user has only Get/List permissions on some of the items inside the path (meaning they are visible to the user) but not Delete, the operation fails.

Note:

If the designated folder contains one or more AES or RSA keys, the command will fail. To delete the folder, first delete or move any AES or RSA keys inside it.

  • Akeyless CLI:

Example prerequisite - /folder/sub is created with 2 secrets and 1 key:

$ akeyless create-secret -n /folder/sec1 -v val
A new secret named /folder/sec1 was successfully created

$ akeyless create-secret -n /folder/sec2 -v val
A new secret named /folder/sec2 was successfully created

$ akeyless list-items --path /folder
{
   "items": [
      {
         "item_name": "/folder/sec1",
         "item_type": "STATIC_SECRET",
         ...
         ...
         ...
      },
      {
         "item_name": "/folder/sec2",
         "item_type": "STATIC_SECRET",
         ...
         ...
         ...
      }
   ],
   ...
   ...
}

Example 1 - Deleting items in /folder:

$ akeyless delete-items --path /folder
Item(s) deleted successfully from /folder

$ akeyless list-items --path /folder
{
   "items": null,
   "folders": null,
   "next_page": ""
}

Example 2 - In case an AES key is inside the designated folder, deleting folder /folder fails on a 403:

$ akeyless create-key -n /folder/sub-aes-key --alg AES256GCM
=====================
Encryption Key Fragement #1 created succsessfully in 17 milliseconds
Encryption Key Fragement #2 created succsessfully in 18 milliseconds
=====================
A new AES256GCM key named /folder/sub-aes-key was successfully created

$ akeyless list-items --path /folder
{
   "items": [
      {
         "item_name": "/folder/sec1",
         "item_type": "STATIC_SECRET",
         ...
         ...
         ...
      },
      {
         "item_name": "/folder/sec2",
         "item_type": "STATIC_SECRET",
         ...
         ...
         ...
      },
      {
         "item_name": "/folder/sub-aes-key",
         "item_type": "AES256GCM",
         ...
         ...
         ...
      }
   ],
   ...
   ...
}


$ akeyless delete-items --path /folder
Failed to delete items from path /folder. Error: Desc: Failed to delete items in path. Status 403 Forbidden, Error: ForbiddenTypesDeletion. Message: account id: <account id>, access id: <access id>. Items list include one or more items that cannot be deleted in a bulk operation: [AES128GCM AES256GCM AES128SIV AES256SIV RSA1024 RSA2048]. Either delete those items manually or move them to proceed.

Delete Auth Methods

This command deletes an entire auth-methods folder with its contents.
The user running the command needs Get, List and Delete permissions on the designated path and, recursively, on each auth method inside it.

Only auth methods that are visible to the user performing the action are deleted. However, if the user has only Get/List permissions on some of the auth methods inside the path (meaning they are visible to the user) but not Delete, the operation fails.

Examples prerequisite - /folder/sub is created with 2 auth methods:

$ akeyless create-auth-method -n /folder/am1
Auth Method /folder/am1 successfully created
- Access ID: p-vhr2********
- Access Key: 7QeCpbr********************************************

$ akeyless create-auth-method-universal-identity -n /folder/amUID
Auth Method /folder/amUID successfully created
- Access ID: p-35ds********


$ akeyless list-auth-methods
{
   "auth_methods": [
      {
         "auth_method_name": "folder/am1",
         ...
         ...
         "access_info": {
            ...
            ...
            "rules_type": "api_key",
            "api_key_access_rules": {
                ...
                ...
            },
            ...
            ...
         },
         ...
         ...
      },
      {
         "auth_method_name": "folder/amUID",
         ...
         ...
         "access_info": {
            ...
            ...
            "rules_type": "universal_identity",
            ...
            ...
         },
         ...
         ...
      }
   ],
   ...
}

Deleting auth methods in /folder:

$ akeyless delete-auth-methods --path /folder
Auth Method(s) deleted successfully from /folder

Delete Roles

This command deletes an entire roles folder with its contents.
The user running the command needs Get, List and Delete permissions on the designated path and, recursively, on each role inside it.

Only roles that are visible to the user performing the action are deleted. However, if the user has only Get/List permissions on some of the roles inside the path (meaning they are visible to the user) but not Delete, the operation fails.

Examples prerequisite - /folder/sub is created with 2 roles:

$ akeyless create-role -n /folder/role1
A new role named /folder/role1 was successfully created

$ akeyless create-role -n /folder/role2
A new role named /folder/role2 was successfully created

$ akeyless list-roles
{
   "roles": [
      {
         "role_name": "folder/role1",
         ...
         ...
      },
      {
         "role_name": "folder/role2",
         ...
         ...
      }
   ],
   ...
}

Deleting roles in /folder:

$ akeyless delete-roles --path /folder
Role(s) deleted successfully from /folder

Move Objects

To move multiple items, auth methods or roles from one folder to another, or to rename a folder, use the move-objects flow.
The user running the command needs Get, List and Update permissions on the designated source-path and, recursively, on each object inside it, and on the target-path.

Only objects that are visible to the user performing the action are moved. However, if the user has only Get/List permissions on some of the objects inside the source-path (meaning they are visible to the user) but not Update, the operation fails.

If running the operation would result in a duplicate, the entire operation fails with a 409.

move-objects

  • --objects-type - The type of objects to move ( item / auth_method / role ), defaults to item
  • -s/--source-path - Path to the folder to move
  • -t/--target-path - Path to the new / existing folder

Examples prerequisite - /folder/src is created with 2 items:

$ akeyless create-secret -n /folder/src/sec1 -v val
A new secret named /folder/src/sec1 was successfully created
$ akeyless create-secret -n /folder/src/sec2 -v val
A new secret named /folder/src/sec2 was successfully created

Example 1 - Renaming /folder/src to /folder/tgt:

$ akeyless move-objects --source /folder/src --target /folder/tgt
Object(s) moved successfully from /folder/src to /folder/tgt

Example 2 - Moving /folder/src to /folder/tgt with preexisting items in /folder/tgt:

$ akeyless create-secret -n /folder/tgt/sec3 -v val
A new secret named /folder/tgt/sec3 was successfully created
$ akeyless create-secret -n /folder/tgt/sec4 -v val
A new secret named /folder/tgt/sec4 was successfully created

$ akeyless list-items --path /folder/
{
   "items": null,
   "folders": [
      "/folder/src/",
      "/folder/tgt/"
   ],
   ...
}

$ akeyless list-items --path /folder/src
{
   "items": [
      {
         "item_name": "/folder/src/sec1",
         "item_type": "STATIC_SECRET",
         ...
         ...
      },
      {
         "item_name": "/folder/src/sec2",
         "item_type": "STATIC_SECRET",
         ...
         ...
      }
   ],
   "folders": null,
   ...
}

$ akeyless list-items --path /folder/tgt
{
   "items": [
      {
         "item_name": "/folder/tgt/sec3",
         "item_type": "STATIC_SECRET",
         ...
         ...
      },
      {
         "item_name": "/folder/tgt/sec4",
         "item_type": "STATIC_SECRET",
         ...
         ...
      }
   ],
   "folders": null,
   ...
}

After running the move-objects command:

$ akeyless move-objects --source /folder/src --target /folder/tgt
Object(s) moved successfully from /folder/src to /folder/tgt
$ akeyless list-items --path /folder/
{
   "items": null,
   "folders": [
      "/folder/tgt/"
   ],
   ...
}

$ akeyless list-items --path /folder/src
{
   "items": null,
   "folders": null,
   "next_page": ""
}

$ akeyless list-items --path /folder/tgt
{
   "items": [
      {
         "item_name": "/folder/tgt/sec1",
         "item_type": "STATIC_SECRET",
         ...
         ...
      },
      {
         "item_name": "/folder/tgt/sec2",
         "item_type": "STATIC_SECRET",
         ...
         ...
      },
      {
         "item_name": "/folder/tgt/sec3",
         "item_type": "STATIC_SECRET",
         ...
         ...
      },
      {
         "item_name": "/folder/tgt/sec4",
         "item_type": "STATIC_SECRET",
         ...
         ...
      }
   ],
   "folders": null,
   ...
}
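
A pre-flight check for the two all-or-nothing failures described on this page (the 403 when delete-items meets an AES or RSA key, and the 409 when move-objects would create a duplicate), as an added example that is not Akeyless code. The function names are hypothetical, the sample listings are constructed, and it assumes that a duplicate means an identical resulting item name and that each listing fits in one page (next_page is not followed).

```python
import json
import subprocess

# The page's Note blocks AES and RSA keys; its 403 message lists six such item types.
KEY_TYPE_PREFIXES = ("AES", "RSA")

def cli_lister(path):
    """Run `akeyless list-items --path <path>` (as shown on this page) and parse the JSON."""
    out = subprocess.run(["akeyless", "list-items", "--path", path],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def walk_items(path, lister=cli_lister):
    """Yield (item_name, item_type) for every item under path, recursing into sub-folders."""
    listing = lister(path)
    for item in listing.get("items") or []:      # the CLI prints null for an empty list
        yield item["item_name"], item["item_type"]
    for folder in listing.get("folders") or []:
        yield from walk_items(folder, lister)

def delete_blockers(path, lister=cli_lister):
    """Items that would make `delete-items --path <path>` fail with ForbiddenTypesDeletion."""
    return sorted(n for n, t in walk_items(path, lister) if t.startswith(KEY_TYPE_PREFIXES))

def move_collisions(source, target, lister=cli_lister):
    """Resulting names that already exist under target (assumed cause of the 409)."""
    src, tgt = source.rstrip("/"), target.rstrip("/")
    existing = {n for n, _ in walk_items(tgt, lister)}
    moved = {tgt + n[len(src):] for n, _ in walk_items(src, lister)}
    return sorted(moved & existing)

# Constructed sample listings, shaped like the list-items output on this page.
SAMPLE = {
    "/folder": {"items": [{"item_name": "/folder/sub-aes-key", "item_type": "AES256GCM"}],
                "folders": ["/folder/src/", "/folder/tgt/"]},
    "/folder/src": {"items": [{"item_name": "/folder/src/sec1", "item_type": "STATIC_SECRET"},
                              {"item_name": "/folder/src/sec2", "item_type": "STATIC_SECRET"}],
                    "folders": None},
    "/folder/tgt": {"items": [{"item_name": "/folder/tgt/sec1", "item_type": "STATIC_SECRET"}],
                    "folders": None},
}

def sample_lister(path):
    """Offline stand-in for cli_lister, backed by the constructed SAMPLE data."""
    return SAMPLE[path.rstrip("/")]

if __name__ == "__main__":
    print("delete blockers:", delete_blockers("/folder", sample_lister))
    print("move collisions:", move_collisions("/folder/src", "/folder/tgt", sample_lister))
```

An empty result from both functions only rules out these two failure causes; the permission checks described above are still enforced by the service.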
