CLI Reference

This section describes the available CLI commands that you can use when working with Akeyless.
If you need help in context, check out the help from the terminal:

akeyless -h
akeyless <command> -h, --help
akeyless <command> --debug

Download and install

Update Akeyless CLI

Akeyless update

AKEYLESS CLI, Version x.x.x is up-to-date

Commands for all items and objects

describe-item

Returns the item details, which vary depending on the type of item.

Usage
akeyless describe-item --name ItemName 
akeyless describe-item --name ItemName --version VersionNumber
akeyless describe-item --name ItemName --show-versions
Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Item name.

--version

Version number.

--show-versions[=false]

Include all item versions in reply, by default set to false.

Output

With only --name specified, the command returns all details about the specified item except for its version.

When a version number is specified, the command returns all details about the specified item for the specified version.

When --show-versions is specified, the command returns all details about the specified item including a full list of versions, their creation dates, and their encryption keys for any version for which a key other than the default was used.

update-item

Update item name, metadata or tags.

❗️

Secret versioning

No updates made with update-item can be saved as part of new versions, which means that these changes override existing data. If you wish to track these updates as part of secret versioning, first create a new version with update-version-val. You can create a new version value using the same value for the current version if you don't want to actually change the value. Thereafter, run update-item.

Usage
akeyless update-item --name ExistingNameofSecret --new-name NewName
akeyless update-item --name NameofSecret --new-metadata UpdateDescription
akeyless update-item --name NameofSecret --add-tag NewTagAdded
akeyless update-item --name NameofSecret --rm-tag Tag1
Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

The current name of the item.

--new-name

The name that should now be assigned to the item.

--new-metadata[=default_metadata]

The new description for the item.

--add-tag

List of the new tags that will be attached to this item. To specify multiple tags use argument multiple times: --add-tag Tag1 --add-tag Tag2.

--rm-tag

List of the existing tags that should be removed from this item. To specify multiple tags use argument multiple times: --rm-tag Tag1 --rm-tag Tag2.

delete-item

Delete an item or an item version

Usage
akeylees delete-item -n <Path\to\item>
Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Item name.

--version[=-1]

The specific version you want to delete - 0=last version, -1=entire item with all versions (default).

--delete-in-days[=7]

The number of days to wait before deleting the item (relevant for keys only).

--delete-immediately[=false]

When delete-in-days=-1, must be set.

delete-items

Delete multiple items from a given path

akeyless delete-items -p <Path\do\delete\items>

list-items

Returns a list of all accessible items

Usage
akeyless list-items
Parameters

Parameter

Mandatory

Description

-t, --type

The item types list of the requested items. In case it is empty, all types of items will be returned. options: [key, static-secret, dynamic-secret].

--ItemsTypes

--filter

Filter by item name or part of it.

--tag

Filter by item tag.

--path

Path to folder.

--pagination-token

Next page reference.

move-objects

Move/Rename objects.

Usage
akeyless move-objects -s <soruce> -t <target>
Parameters

Parameter

Mandatory

Description

-s, --source

**Y**

Source path to move the objects from.

--t, --target

**Y**

Target path to move the objects to.

-o, --objects-type[=item]

The objects type to move (item/auth_method/role).

configure

Configure client profile.

Usage
akeyless configure
Parameters

Parameter

Mandatory

Description

---profile

The profile name to be configured.

--access-id

Access ID.

--access-key

Access Key.

--access-type[=access_key]

Access Type (access_key/password/azure_ad/saml/ldap/aws_iam).

--admin-password

Password (relevant only for access-type=password).

--admin-email

Email (relevant only for access-type=password).

--ldap_proxy_url

Address URL for ldap proxy (relevant only for access-type=ldap)

--azure_ad_object_id

Azure Active Directory ObjectId (relevant only for access-type=azure_ad)

--gcp-audience[=akeyless.io]

GCP audience to use in signed JWT (relevant only for access-type=gcp)

unconfigure

Remove Configuration of client profile.

Usage

akeyless unconfigure --profile <Profile name>

Did this page help you?