Command Line Interface (CLI)

There are a handful of ways to interact with the Akeyless Vault Platform for managing, creating, and fetching multiple types of supported secrets. One of them is our Command Line Interface (CLI), which is purpose-built to serve your custom automation scripts (usually within a CI/CD pipeline or backup process), as well as human DevOps/Software engineers.


For a full list of the available CLI command, see the CLI reference.

Akeyless Vault CLI has a pre-compiled binary version for Linux, macOS, and Windows which can be easily installed.

Download and Install

If you don’t already have an Akeyless account, register for an account with Akeyless Vault Platform here.


Zero Knowledge with Akeyless CLI

In case you are working with your own Fragment, please create the following environment variable to point your CLI to interact with the relevant Gateway:

export AKEYLESS_GATEWAY_URL=https://Your_GW_URL:8080

Run the following command with Admin privileges to download and install the CLI binary.

curl -o akeyless
chmod +x akeyless
curl -o akeyless
chmod +x akeyless
curl -o akeyless
chmod +x akeyless
curl -o akeyless.exe

Or using Homebrew package manager:

brew tap akeylesslabs/tap
brew install akeyless


At the first time you run any command, the CLI will prompt you to authenticate to Akeyless.

To work directly with Akeyless SaaS services, use the Default URL

At the prompt Would you like to configure a profile (Y/n) line, type Y. Then, type a name to rename the default profile, or press Enter to leave the name as default.

You can configure various types of authentication methods from the CLI:

  1. API Key (access_key)
  2. AWS IAM (aws_iam)
  3. Azure Active Directory (azure_ad)
  4. SAML (saml)
  5. LDAP (ldap)
  6. Password (email/password)
  7. OIDC (oidc)
  8. K8s (k8s)
  9. GCP (GCP)

For more information about authentication methods, see Authentication Methods.


For example, you can use your email & password or an API Key.

akeyless configure --admin-email yourEmailAddress
#configure a profile
akeyless configure
Access ID:  p-abc12de
Access Key: <Your Access Key>
Profile default successfully configured
akeyless configure --access-type ldap
Access ID:  p-abc12de
Ldap Proxy URL: https://<Your Akeyless Gateway URL>
Profile ldap successfully configured



If you don’t enter the correct credentials, for security reasons, the Akeyless CLI will not give you an error message. An error message will be received when you attempt to run commands.

At the prompt Would you like to add AKEYLESS-CLI to PATH (...)? (Y/n) line, type Y.


You are now ready to use the CLI.

Run the create-secret command similar to the following:

akeyless create-secret --name MySecret1 --value MySecretPassword

For more information about authentication methods, see Authentication Methods.

Bucket trust list

To pull the latest CLI version from the Akeyless official bucket, please make sure the following endpoint is trusted:


Did this page help you?