Command Line Interface (CLI)
There are a handful of ways to interact with Akeyless Vault for managing, creating, and fetching multiple types of supported secrets. One of them is our Command Line Interface (CLI), which is purpose-built to serve your custom automation scripts (usually within a CI/CD pipeline or backup process), as well as human DevOps/Software engineers.
For a full list of the available CLI command, see the CLI reference.
Akeyless Vault CLI has a pre-compiled binary version for Linux, macOS, and Windows which can be easily installed via an installation script.
Download and Install
If you don’t already have an Akeyless account, register for an account with Akeyless Vault here.
Zero Knowledge with Akeyless CLI
In case you are working with your fragment, please create the following environment variable to point your CLI to interact with the relevant Gateway:
export AKEYLESS_GATEWAY_URL=https://Your_GW_URL:8080
Run the following command with Admin privileges to download and install the CLI binary.
curl -o akeyless https://akeyless-cli.s3.us-east-2.amazonaws.com/cli/latest/production/cli-linux-amd64
chmod +x akeyless
./akeyless
curl -o akeyless https://akeyless-cli.s3.us-east-2.amazonaws.com/cli/latest/production/cli-darwin-amd64
chmod +x akeyless
./akeyless
curl -o akeyless https://akeyless-cli.s3.us-east-2.amazonaws.com/cli/latest/cli-darwin-arm64
chmod +x akeyless
./akeyless
curl -o akeyless.exe https://akeyless-cli.s3.us-east-2.amazonaws.com/cli/latest/production/cli-windows-amd64.exe
akeyless.exe
Authenticate
At the first time you run any command, the CLI will prompt you to authenticate to Akeyless.
At the prompt Would you like to configure a profile (Y/n) line, type Y. Then, type a name to rename the default profile, or press Enter to leave the name as default.
You can configure six types of authentication methods from the CLI:
- API Key (
access_key) - AWS IAM (
aws_iam) - Azure Active Directory (
azure_ad) - SAML (
saml) - LDAP (
ldap) - Password (
email/password) - OIDC (
oidc) - K8s (
k8s) - GCP (
GCP)
Use the authentication mode that you also used when you signed up and signed in to the UI, use your username and password credentials, or use the API key Akeyless assigned to you when you signed in for the first time.
If you're not sure what authentication method to use, consult your administrator.
For more information about authentication methods, see Authentication Methods.
In the following example, you'll find both the API-key and the LDAP authentication methods: API-Key and LDAP.
#configure a profile
akeyless configure
Access ID: p-abc12de
Access Key: /type your access key here
Profile default successfully configured
akeyless configure --access-type ldap
Access ID: p-abc12de
Ldap Proxy URL: https://Akeyless.GW
Profile ldap successfully configured
akeyless configure --admin-email yourEmailAddress
No validation of credentials
If you don’t enter the correct credentials, the CLI will not give you an error message, and it will just tell you that everything is configured. You will only receive an error message when you attempt to run commands.
At the prompt Would you like to add AKEYLESS-CLI to PATH (...)? (Y/n) line, type Y.
You are now ready to use the CLI.
Run the create-secret command similar to the following:
akeyless create-secret --name MySecret1 --value MySecretPassword
If you're not sure what authentication method to use, consult your administrator.
For more information about authentication methods, see Authentication Methods.
Bucket trust list
To pull the latest CLI version from the Akeyless official bucket, please make sure the following endpoint is trusted:
https://akeyless-cli.s3
Updated 3 months ago