CLI Reference - Akeyless KMIP Server

Akeyless KMIP Server

kmip-set-server-state

Set the server state to enabled/disabled.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-s, --state` | **Y** | Enable or disable KMIP server [use 'enabled' or 'disabled'] |
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-server-setup

Create a new KMIP server.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-n, --hostname` | **Y** | The hostname of the KMIP server. |
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-t, --certificate-ttl[=90]` | | Server certificate TTL in days. |
| `-r, --root[=/kmip/default]` | | The root path of KMIP Objects. |
| `-p, --output-file-folder` | | The folder path to save the CA certificate file (for example, '.'). A new file will be created in that folder: `ca.cert`. |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-renew-server-certificate

Renew KMIP server certificate.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-renew-client-certificate

Renew KMIP client certificate.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name (either name or ID is required). |
| `-i, --client-id` | **Y** | KMIP client ID (either name or ID is required). |
| `-p, --output-file-folder` | | Folder path to save client certificate files (for example, '.'). Two files are created: `.key` and `.cert`. |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-list-clients

Show existing KMIP clients.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-describe-server

Show KMIP server details.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-describe-client

Show KMIP client details.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name (either name or ID is required). |
| `-i, --client-id` | **Y** | KMIP client ID (either name or ID is required). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-delete-client

Delete a KMIP client.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name (either name or ID is required). |
| `-i, --client-id` | **Y** | KMIP client ID (either name or ID is required). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-create-client

Create a new KMIP client.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name. |
| `-t, --certificate-ttl[=90]` | | Server certificate TTL in days. |
| `-p, --output-file-folder` | | Folder path to save client certificate files (for example, '.'). Two files are created: `.key` and `.cert`. |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

kmip-client-set-rule

Add a new RBAC rule to a client.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-p, --path` | **Y** | Access path, e.g. `/*` or `/some-key`. |
| `-c, --capability` | **Y** | Access capability. Supported capabilities are DENY, CREATE, REGISTER, REKEY, LOCATE, GET, GET_ATTRIBUTES, ACTIVATE, REVOKE, and DESTROY. |
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name (either name or ID is required). |
| `-i, --client-id` | **Y** | KMIP client ID (either name or ID is required). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |
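
A guarded wrapper around `kmip-client-set-rule`, as an added example (not Akeyless code): it checks the capability against the list above, requires an absolute path, and refuses wildcard grants unless explicitly allowed. The function name, environment variables, wildcard opt-in policy and the `akeyless` binary name are assumptions of this example; only the flags come from the table.

```shell
# Added example, not part of the Akeyless documentation.
# Uses only the kmip-client-set-rule flags listed in the table above.
# Function name, env variables and the wildcard policy are hypothetical.

# Capabilities listed on this page.
KMIP_CAPS="DENY CREATE REGISTER REKEY LOCATE GET GET_ATTRIBUTES ACTIVATE REVOKE DESTROY"

# kmip_set_rule <name|id> <client> <path> <capability>
# Env: AKEYLESS_BIN (default: akeyless), GATEWAY_URL (default: page default),
#      ALLOW_WILDCARD=1 permits paths containing '*', DRY_RUN=1 prints only.
kmip_set_rule() {
  local kind="$1" client="$2" path="$3" cap="$4" flag found=0 c

  # The page requires either the client name or the client ID.
  case "$kind" in
    name) flag="--name" ;;
    id)   flag="--client-id" ;;
    *)    echo "error: first argument must be 'name' or 'id'" >&2; return 2 ;;
  esac
  if [ -z "$client" ]; then echo "error: empty client $kind" >&2; return 2; fi

  # Reject anything outside the documented capability list (case-sensitive).
  for c in $KMIP_CAPS; do
    if [ "$c" = "$cap" ]; then found=1; fi
  done
  if [ "$found" -ne 1 ]; then
    echo "error: unsupported capability '$cap'" >&2; return 2
  fi

  # Paths start with '/'; wildcard grants need an opt-in (DENY is exempt).
  case "$path" in
    /*) ;;
    *)  echo "error: path must start with '/'" >&2; return 2 ;;
  esac
  case "$path" in
    *\**)
      if [ "$cap" != "DENY" ] && [ "${ALLOW_WILDCARD:-0}" != "1" ]; then
        echo "error: wildcard path '$path' needs ALLOW_WILDCARD=1" >&2; return 3
      fi ;;
  esac

  # Build the argument vector without eval, so values are never re-parsed.
  set -- "${AKEYLESS_BIN:-akeyless}" kmip-client-set-rule "$flag" "$client" \
         --path "$path" --capability "$cap" \
         --gateway-url "${GATEWAY_URL:-http://localhost:8000}"
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}
```

With `DRY_RUN=1` the function prints the command it would run, for example `DRY_RUN=1 kmip_set_rule name backup-client /backups/key1 GET` (a constructed client name and path).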

kmip-client-delete-rule

Delete an RBAC rule from a client.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-p, --path` | **Y** | Access path, e.g. `/*` or `/some-key`. |
| `-u, --gateway-url[=http://localhost:8000]` | | Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | KMIP client name (either name or ID is required). |
| `-i, --client-id` | **Y** | KMIP client ID (either name or ID is required). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |

set-item-state

Sets the item state to enabled/disabled.

Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| `-n, --name` | **Y** | Current item name. |
| `-s, --desired-state` | **Y** | Desired item state [Enabled, Disabled] |
| `--version[=0]` | | The specific version you want to update: 0=item level state (default). |
| `--profile, --token` | | Use a specific profile (located at `$HOME/.akeyless/profiles`) or a temporary access token. |
| `--uid-token` | | The universal identity token. It is required only for universal_identity authentication. |

Writing commands - generating secrets

By default, Akeyless Vault sends write commands (generating secrets) to the main region of Akeyless Vault, while read commands (fetching secrets) are served from the region nearest to you in order to minimize latency. To change this and work only with the master region, add `optimize_dns_disable=true` to the settings file.

