CLI Reference - KMIP Server
Akeyless KMIP Server
This section outlines the CLI commands relevant to KMIP Server.
General Flags:
--profile, --token
: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token
--uid-token
: The universal identity token, required only for universal_identity authentication
-h, --help
: Display help information
--json[=false]
: Set output format to JSON
--jq-expression
: JQ expression to filter result output
--no-creds-cleanup[=false]
: Do not clean local temporary expired creds
kmip-set-server-state
Set the server state to enabled/disabled
Usage
akeyless kmip-set-server-state \
--state <Enabled / Disabled> \
--gateway-url <API Gateway URL:8000>
Flags
-s, --state
: Required, Make the server enabled or disabled [use 'enabled' or 'disabled']
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-server-setup
Create a new KMIP environment
Usage
akeyless kmip-server-setup \
--hostname <KMIP server hostname> \
--certificate-ttl <Server certificate TTL in days (Default = 90)> \
--root <Root path of KMIP Objects> \
--gateway-url <API Gateway URL:8000>
Flags
-n, --hostname
: Required, Hostname of this KMIP server
-t, --certificate-ttl[=90]
: Server certificate TTL in days
-r, --root
: Required, Root path of KMIP Objects
-p, --output-file-folder
: Folder path to save CA certificate file (for example, '.'). A new file will be created in that folder: ca.cert.
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-renew-server-certificate
Renew KMIP server certificate
Flags
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-renew-client-certificate
Renew KMIP client certificate
Flags
-n, --name
: KMIP client name (either name or id is required)
-i, --client-id
: KMIP client ID (either name or id is required)
-p, --output-file-folder
: Folder path to save client certificate files (for example, '.'). Two files are created: .key and .cert
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-list-clients
Show existing KMIP clients
Flags
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port).
kmip-describe-server
Show KMIP environment details
Flags
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port).
kmip-server-delete
Delete the KMIP server (allowed only if it has no clients or associated items)
Flags
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port).
kmip-server-move
Move the root location of the KMIP server and all associated items to a new root location
Usage
akeyless kmip-server-move \
--new-root <New root for the KMIP server> \
--gateway-url <API Gateway URL:8000>
Flags
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port).
-n, --new-root
: Required, New root for the KMIP server
kmip-describe-client
Show KMIP client details
Flags
-n, --name
: KMIP client name (either name or id is required)
-i, --client-id
: KMIP client ID (either name or id is required)
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-delete-client
Delete a KMIP client
Flags
-n, --name
: KMIP client name (either name or id is required)
-i, --client-id
: KMIP client ID (either name or id is required)
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-create-client
Create a new KMIP client
Usage
akeyless kmip-create-client \
--name <Client name> \
--certificate-ttl <Client certificate TTL in days (Default = 90)> \
--gateway-url <API Gateway URL:8000>
Flags
-n, --name
: Required, Client name
-t, --certificate-ttl[=90]
: Client certificate TTL in days
-p, --output-file-folder
: Folder path to save client certificate files (for example, '.'). Two files are created: .key and .cert
-a, --activate-keys-on-creation
: If set to 'true', newly created keys on the client will be set to an 'active' state
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
kmip-client-set-rule
Add a new RBAC rule to a client
Supported capabilities are:
DENY
CREATE
REGISTER
REKEY
LOCATE
GET
GET_ATTRIBUTES
ACTIVATE
REVOKE
DESTROY
Usage
akeyless kmip-client-set-rule \
--path <Access path> \
--capability <Access capability> \
--name <KMIP client name> \
--client-id <KMIP client ID> \
--gateway-url <API Gateway URL:8000>
Flags
-p, --path
: Required, Access path, e.g. /* or /some-key
-c, --capability
: Required, Access capability (see command description for supported values)
-n, --name
: KMIP client name (either name or id is required)
-i, --client-id
: KMIP client ID (either name or id is required)
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
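Added example, not part of the Akeyless documentation: a wrapper that onboards one KMIP client with only the capabilities it needs on a single path, using kmip-create-client, kmip-client-set-rule and kmip-describe-client as documented above. The client name, path, TTL, output folder, the DRY_RUN switch and the helper function names are assumptions made for illustration, as is issuing one kmip-client-set-rule call per capability.

```shell
#!/bin/sh
# Added example (not Akeyless code): onboard one KMIP client with least privilege.
# Client name, path, TTL and folder below are constructed sample values.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them.
SUPPORTED_CAPS="DENY CREATE REGISTER REKEY LOCATE GET GET_ATTRIBUTES ACTIVATE REVOKE DESTROY"
GATEWAY_URL="${GATEWAY_URL:-http://localhost:8000}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Succeeds only for a capability name exactly as listed in the reference.
is_supported_cap() {
    for known in $SUPPORTED_CAPS; do
        [ "$known" = "$1" ] && return 0
    done
    return 1
}

# onboard_client <name> <path> <cert-ttl-days> <output-folder> <capability>...
onboard_client() {
    name=$1; path=$2; ttl=$3; outdir=$4; shift 4
    [ "$#" -gt 0 ] || { echo "no capabilities given" >&2; return 2; }
    # Validate every capability before touching the gateway, so a typo
    # cannot leave a client that exists with only part of its rules.
    for cap in "$@"; do
        is_supported_cap "$cap" || { echo "unsupported capability: $cap" >&2; return 2; }
    done
    # Restrictive umask (in a subshell) for the .key and .cert files the CLI writes.
    ( umask 077
      run akeyless kmip-create-client --name "$name" --certificate-ttl "$ttl" \
          --output-file-folder "$outdir" --gateway-url "$GATEWAY_URL" ) || return 1
    # Assumption: one kmip-client-set-rule call per capability.
    for cap in "$@"; do
        run akeyless kmip-client-set-rule --path "$path" --capability "$cap" \
            --name "$name" --gateway-url "$GATEWAY_URL" || return 1
    done
    # Read the client back to confirm the resulting rule set.
    run akeyless kmip-describe-client --name "$name" --gateway-url "$GATEWAY_URL"
}

# A client that only needs to find and fetch keys under one path.
onboard_client backup-app /backup-keys 30 . LOCATE GET
```

Scoping the rule to /backup-keys rather than /* and granting only LOCATE and GET keeps the client certificate from being usable to create, rekey or destroy keys elsewhere under the KMIP root.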
kmip-client-delete-rule
Delete an RBAC rule from a client
Usage
akeyless kmip-client-delete-rule \
--path <Access path> \
--name <KMIP client name> \
--client-id <KMIP client ID> \
--gateway-url <API Gateway URL:8000>
Flags
-p, --path
: Required, Access path, e.g. /* or /some-key
-n, --name
: KMIP client name (either name or id is required)
-i, --client-id
: KMIP client ID (either name or id is required)
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
Info
Writing commands - generating secrets
By default, Akeyless Vault performs write commands (generating secrets) against the main region, while read commands (fetching secrets) are served from the region nearest to you in order to minimize latency.
To change this and work only with the master region, add optimize_dns_disable=true to the settings file.