CLI Reference - KMIP Server
Akeyless KMIP Server
kmip-set-server-state
Set the server state to enabled/disabled
Please note: mandatory values for this command: -s, --state
Usage
akeyless kmip-set-server-state --state <Enabled / Disabled> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-s, --state | (Mandatory) Make the server enabled or disabled [use 'enabled' or 'disabled'] |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-server-setup
Create a new KMIP environment
Please note: mandatory values for this command: -n, --hostname, -r, --root
Usage
akeyless kmip-server-setup --hostname <KMIP server hostname> \
--certificate-ttl <Server certificate TTL in days (Default = 90)> \
--root <Root path of KMIP Objects> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-n, --hostname | (Mandatory) Hostname of this KMIP server |
-t, --certificate-ttl[=90] | Server certificate TTL in days |
-r, --root | (Mandatory) Root path of KMIP Objects |
-p, --output-file-folder | Folder path to save CA certificate file (for example, '.'). A new file will be created in that folder: ca.cert. |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-renew-server-certificate
Renew KMIP server certificate
Parameters
Parameter | Description |
---|---|
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-renew-client-certificate
Renew KMIP client certificate
Parameters
Parameter | Description |
---|---|
-n, --name | KMIP client name (either name or id are required) |
-i, --client-id | KMIP client ID (either name or id are required) |
-p, --output-file-folder | Folder path to save client certificate files (for example, '.'). Two files are created: .key and .cert |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-list-clients
Show existing KMIP clients
Parameters
Parameter | Description |
---|---|
-u, --gateway-url[=http://localhost:8000] | Gateway URL (Configuration Management port). |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-describe-server
Show KMIP environment details
Parameters
Parameter | Description |
---|---|
-u, --gateway-url[=http://localhost:8000] | Gateway URL (Configuration Management port). |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-server-delete
Delete the KMIP server (allowed only if it has no clients or associated items)
Parameters
Parameter | Description |
---|---|
-u, --gateway-url[=http://localhost:8000] | Gateway URL (Configuration Management port). |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-server-move
Move the root location of the kmip server and all associated items to a new root location
Please note: mandatory values for this command: -n, --new-root
Usage
akeyless kmip-server-move --new-root <New root for the kmip server> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-u, --gateway-url[=http://localhost:8000] | Gateway URL (Configuration Management port). |
-n, --new-root | (Mandatory) New root for the kmip server |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-describe-client
Show KMIP client details
Parameters
Parameter | Description |
---|---|
-n, --name | KMIP client name (either name or id are required) |
-i, --client-id | KMIP client ID (either name or id are required) |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-delete-client
Delete a KMIP client
Parameters
Parameter | Description |
---|---|
-n, --name | KMIP client name (either name or id are required) |
-i, --client-id | KMIP client ID (either name or id are required) |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-create-client
Create a new KMIP client
Please note: mandatory values for this command: -n, --name
Usage
akeyless kmip-create-client --name <Client name> \
--certificate-ttl <Client certificate TTL in days (Default = 90)> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Client name |
-t, --certificate-ttl[=90] | Client certificate TTL in days |
-p, --output-file-folder | Folder path to save client certificate files (for example, '.'). Two files are created: .key and .cert |
-a, --activate-keys-on-creation | If set to 'true', newly created keys on the client will be set to an 'active' state |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
kmip-client-set-rule
Add a new RBAC rule to a client
Supported capabilities are:
DENY
CREATE
REGISTER
REKEY
LOCATE
GET
GET_ATTRIBUTES
ACTIVATE
REVOKE
DESTROY
Please note: mandatory values for this command: -p, --path, -c, --capability
Usage
akeyless kmip-client-set-rule --path <Access path> \
--capability <Access capability> \
--name <KMIP client name> \
--client-id <KMIP client ID> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-p, --path | (Mandatory) Access path, e.g /* or /some-key |
-c, --capability | (Mandatory) Access capability (see command description for supported values) |
-n, --name | KMIP client name (either name or id are required) |
-i, --client-id | KMIP client ID (either name or id are required) |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
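An added example (not part of the Akeyless documentation or CLI): a dry-run helper that checks each rule against the capability list above and a constructed least-privilege lint, then renders the kmip-client-set-rule command for the rules that pass. The client name, paths and lint policy are assumptions, and it assumes one capability per invocation as in the usage line.

```shell
#!/bin/sh
# Added example: lint KMIP client RBAC rules, then render the CLI calls (dry run).
# Capability names and flags are from this page; the lint policy, client name
# and paths are constructed for illustration.

KMIP_CAPS="DENY CREATE REGISTER REKEY LOCATE GET GET_ATTRIBUTES ACTIVATE REVOKE DESTROY"

# kmip_lint_rule PATH CAPABILITY
# 0 = ok, 1 = capability not in the supported list, 2 = unusable path,
# 3 = root wildcard /* with anything other than DENY, LOCATE or GET_ATTRIBUTES
kmip_lint_rule() {
  case "$2" in ""|*" "*) return 1 ;; esac
  case " $KMIP_CAPS " in *" $2 "*) ;; *) return 1 ;; esac
  case "$1" in *"'"*) return 2 ;; /*) ;; *) return 2 ;; esac
  if [ "$1" = "/*" ]; then
    case "$2" in DENY|LOCATE|GET_ATTRIBUTES) ;; *) return 3 ;; esac
  fi
  return 0
}

# kmip_plan CLIENT [GATEWAY_URL] < rules   (one "PATH CAPABILITY" per line)
# Prints one set-rule command per accepted rule, reports rejected rules on
# stderr, and returns 0 only if every rule passed the lint.
kmip_plan() {
  client=$1 gw=${2:-http://localhost:8000} bad=0
  while read -r path cap; do
    [ -n "$path" ] || continue
    if kmip_lint_rule "$path" "$cap"; then
      printf "akeyless kmip-client-set-rule --name '%s' --path '%s' --capability %s --gateway-url '%s'\n" \
        "$client" "$path" "$cap" "$gw"
    else
      echo "rejected (code $?): $path $cap" >&2
      bad=1
    fi
  done
  return "$bad"
}

# Constructed sample plan; the last rule is rejected by the lint.
kmip_plan backup-agent <<'EOF' || echo "plan contains rejected rules" >&2
/backup/* LOCATE
/backup/db-key GET
/* DESTROY
EOF
```

Review the rendered commands before running them; nothing is sent to the gateway by this helper.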
kmip-client-delete-rule
Delete an RBAC rule from a client
Please note: mandatory values for this command: -p, --path
Usage
akeyless kmip-client-delete-rule --path <Access path> \
--name <KMIP client name> \
--client-id <KMIP client ID> \
--gateway-url <API Gateway URL:8000>
Parameters
Parameter | Description |
---|---|
-p, --path | (Mandatory) Access path, e.g /* or /some-key |
-n, --name | KMIP client name (either name or id are required) |
-i, --client-id | KMIP client ID (either name or id are required) |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, required only for universal_identity authentication |
Writing commands - generating secrets
By default, Akeyless Vault performs write commands (generating secrets) against the main region of Akeyless Vault, while read commands (fetching secrets) are performed on the region nearest to you in order to minimize latency.
To change this and work only with the master region, add optimize_dns_disable=true to the settings file.