CLI Reference - Dynamic Secrets

Dynamic Secrets

This section outlines the CLI commands relevant to Dynamic Secrets.

General Flags:

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token. Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

get-dynamic-secret-value

Get the value of the dynamic secret

Usage
akeyless get-dynamic-secret-value \
--name <Dynamic Secret name> \
--target <Target Name>
Flags

-n, --name: Required, Dynamic secret name

--host: Host

--target: Target Name

--args: Optional arguments as key=value pairs or JSON strings, e.g. --args=csr=base64_encoded_csr --args=common_name=bar or --args='{csr:base64_encoded_csr}'. It is possible to combine both formats. [role_arn,username,csr,common_name]

--timeout[=5]: timeout in seconds

--jq-expression: JQ expression to filter result output

Create Producer

gateway-create-producer-artifactory

Creates Artifactory producer

Usage
akeyless gateway-create-producer-artifactory \
--name <Producer Name> \
--artifactory-token-scope <Space-separated list of scopes> \
--artifactory-token-audience <Space-separated list of instances> \
--target-name <Target Name> \
--gateway-url <Artifactory REST URL:8000 must end with artifactory postfix>

akeyless gateway-create-producer-artifactory \
--name <Producer Name> \
--artifactory-token-scope <Space-separated list of scopes> \
--artifactory-token-audience <Space-separated list of instances> \
--gateway-url <Artifactory REST URL:8000 must end with artifactory postfix> \
--base-url <Artifactory REST URL> \
--artifactory-admin-name <Artifactory Admin username> \
--artifactory-admin-pwd <Artifactory Admin API Key or password>
Flags

-n, --name: Required, Producer name

-s, --artifactory-token-scope: Required, Token scope provided as a space-separated list, for example: member-of-groups:readers

-a, --artifactory-token-audience: Required, A space-separated list of other Artifactory instances or services that should accept this token, for example: jfrt@*

--target-name: Name of existing target to use in producer creation

-b, --base-url: Artifactory REST URL, must end with artifactory postfix

-r, --artifactory-admin-name: Admin name

-p, --artifactory-admin-pwd: Admin API Key/Password

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL. Default = 60m

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-ping

Creates a Ping dynamic secret producer

Usage
akeyless gateway-create-producer-ping \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--ping-client-authentication-type CLIENT_SECRET \
--ping-grant-types AUTHORIZATION_CODE \
--ping-redirect-uris <https://your-server.com/api/callback>

akeyless gateway-create-producer-ping \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--ping-url <https://my-pf-server.com> \
--ping-privileged-user <Username> \
--ping-password <Password> \
--ping-client-authentication-type CLIENT_SECRET \
--ping-grant-types AUTHORIZATION_CODE \
--ping-redirect-uris <https://your-server.com/api/callback>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--ping-url: Ping URL

-s, --ping-privileged-user: Ping Federate privileged user

-p, --ping-password: Ping Federate privileged user password

-i, --ping-administrative-port[=9999]: Ping Federate administrative port

-j, --ping-authorization-port[=903]: Ping Federate authorization port

-t, --ping-client-authentication-type[=CLIENT_SECRET]: OAuth Client Authentication Type [CLIENT_SECRET, PRIVATE_KEY_JWT, CLIENT_TLS_CERTIFICATE]

--ping-issuer-dn: Issuer DN of a trusted CA certificate that was imported into the Ping Federate server. You may select Trust Any to trust all the existing issuers in the Ping Federate server. Used in conjunction with --ping-cert-subject-dn (relevant for CLIENT_TLS_CERTIFICATE authentication method)

--ping-cert-subject-dn: The subject DN of the client certificate. If no explicit value is given, the producer will create CA certificate and matched client certificate and return it as value. Used in conjunction with --ping-issuer-dn (relevant for CLIENT_TLS_CERTIFICATE authentication method)

-f, --ping-enforce-replay-prevention[=false]: Determines whether PingFederate requires a unique signed JWT from the client for each action (relevant for PRIVATE_KEY_JWT authentication method)

--ping-jwks: Base64-encoded JSON Web Key Set (JWKS). If no explicit value is given, the producer will create JWKs and matched signed JWT (Sign Algo: RS256) and return it as value (relevant for PRIVATE_KEY_JWT authentication method)

--ping-jwks-url: The URL of the JSON Web Key Set (JWKS). If no explicit value is given, the producer will create JWKs and matched signed JWT and return it as value (relevant for PRIVATE_KEY_JWT authentication method)

--ping-signing-algo: The signing algorithm that the client must use to sign its request objects [RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512]. If no explicit value is given, the client can use any of the supported signing algorithms (relevant for PRIVATE_KEY_JWT authentication method)

-g, --ping-grant-types: OAuth client grant types [IMPLICIT, AUTHORIZATION_CODE, CLIENT_CREDENTIALS, TOKEN_EXCHANGE, REFRESH_TOKEN, ASSERTION_GRANTS, PASSWORD, RESOURCE_OWNER_CREDENTIALS]. If no explicit value is given, AUTHORIZATION_CODE will be selected as default. For multiple values repeat this flag.

-r, --ping-redirect-uris: URI to which the OAuth authorization server may redirect the resource owner's user agent after authorization is obtained. At least one redirection URI is required for the AUTHORIZATION_CODE and IMPLICIT grant types. For multiple values repeat this flag.

-d, --ping-atm-id: Set a specific Access Token Management (ATM) instance for the created OAuth Client by providing the ATM Id. If no explicit value is given, the default PingFederate server ATM will be set.

-o, --ping-restricted-scopes: Limit the OAuth client to specific scopes. For multiple values repeat this flag.

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-e, --producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: The time from dynamic secret creation to expiration.

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-certificate-automation

Creates a Certificate Automation dynamic secret producer to create certificates generated by Venafi or monitored by Venafi and generated by Akeyless PKI

Usage
akeyless gateway-create-producer-certificate-automation \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--venafi-use-tpp <Required in TPP> \
--venafi-access-token <Venafi Access Token> \
--venafi-refresh-token <Venafi Refresh Token> \
--venafi-baseurl <TPP Environment BASE URL> \
--venafi-zone <Venafi Zone>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-z, --venafi-zone: Venafi Zone

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--venafi-api-key: Venafi API key (Relevant when using Venafi Cloud)

--venafi-use-tpp: When connecting to TPP this flag is required

--venafi-access-token: Venafi Access Token to use to access the TPP environment (Relevant when using TPP)

--venafi-refresh-token: Venafi Refresh Token to use when the Access Token is expired (Relevant when using TPP)

--venafi-baseurl: Base URL of the TPP environment, or of a Cloud environment other than https://venafi.cloud/

--sign-using-akeyless-pki: creating certificates using Akeyless PKI

--root-first-in-chain: root first in chain

--store-private-key: store private key in Akeyless

--auto-generated-folder: auto generated folder

--signer-key-name: signer key name

--allowed-domains: allowed domains

--allow-subdomains: allow subdomains

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60h]: User TTL in time.Duration format (60h / 9600m / etc...). When using sign-using-akeyless-pki, the certificates created will have this validity period; otherwise the user-ttl is taken from the Validity Period field of the Zone's Issuing Template. When using cert-manager it is advised to have a TTL of above 60 days (440h). For more information: https://cert-manager.io/docs/usage/certificate/. Default = 60h

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--admin-creds-rotation[=false]: Enable automatic admin credentials rotation. Default = false

--admin-creds-rotation-interval[=0]: Admin credentials rotation interval (days)

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-aws

Creates AWS producer

Usage
akeyless gateway-create-producer-aws \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--aws-access-mode <iam_user|assume_role> \
--aws-user-policies <Policy ARN> \
--aws-user-groups <UserGroup name> \
--aws-role-arns <AWS Role ARNs>

akeyless gateway-create-producer-aws \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--aws-access-mode <iam_user|assume_role> \
--aws-user-policies <Policy ARN> \
--aws-user-groups <UserGroup name> \
--aws-role-arns <AWS Role ARNs> \
--aws-access-key-id <Access ID> \
--aws-access-secret-key <Access Key> \
--aws-region <Region>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-i, --aws-access-key-id: Access Key ID

-s, --aws-access-secret-key: Access Secret Key

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port). Default = http://localhost:8000

--aws-access-mode: The types of credentials to retrieve from AWS. Options:[iam_user,assume_role]

--aws-region[=us-east-]: Region. Default = us-east-

--aws-user-policies: Policy ARN(s). Multiple values should be separated by comma

--aws-user-groups: UserGroup name(s). Multiple values should be separated by comma

--aws-role-arns: AWS Role ARNs to be used in the Assume Role operation. Multiple values should be separated by comma

--aws-user-console-access[=false]: Enable AWS User console access. Default = false

--aws-user-programmatic-access[=true]: Enable AWS User programmatic access. Default = true

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL. Default = 60m

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--admin-creds-rotation[=false]: Enable automatic admin credentials rotation. Default = false

--admin-creds-rotation-interval[=0]: Admin credentials rotation interval (days)

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-aws-account-id: The aws account id

--secure-access-aws-native-cli: The aws native cli

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion. Default = false

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion. Default = false

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=true]: Enable Web Secure Remote Access. Default = true

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-azure

Creates Azure AD producer

Usage
akeyless gateway-create-producer-azure \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--azure-user-portal-access <true|false> \
--azure-user-programmatic-access <true|false> \
--azure-app-obj-id <Azure App Object ID> \
--azure-user-principal-name <Azure User Principal Name> \
--fixed-user-only <true|false> \
--fixed-user-claim-keyname <Key name of the IdP claim>

akeyless gateway-create-producer-azure \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--azure-user-portal-access <true|false> \
--azure-user-programmatic-access <true|false> \
--azure-app-obj-id <Azure App Object ID> \
--azure-user-principal-name <Azure User Principal Name> \
--fixed-user-only <true|false> \
--fixed-user-claim-keyname <Key name of the IdP claim> \
--azure-tenant-id <Azure Tenant ID> \
--azure-client-id <Azure Client ID> \
--azure-client-secret <Azure AD Client Secret>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--azure-tenant-id: Azure Tenant ID

--azure-client-id: Azure Client ID (Application ID)

--azure-client-secret: Azure AD Client Secret

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--azure-user-portal-access[=false]: Enable Azure AD user portal access. Default = false

--azure-user-programmatic-access[=true]: Enable Azure AD user programmatic access. Default = true

--azure-app-obj-id: Azure App Object ID (required if selected programmatic access)

--azure-user-principal-name: Azure AD User Principal Name (required if selected Portal access)

--azure-user-group-obj-id: Azure AD User Group Object ID (required if selected Portal access)

--azure-user-role-template-id: Azure AD User Role Template ID (required if selected Portal access)

--producer-encryption-key-name: Encrypt producer with following key

--fixed-user-only[=false]: Allow access using externally (IdP) provided username. Default = false

--fixed-user-claim-keyname: For externally provided users, denotes the key-name of IdP claim to extract username from

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-web[=true]: Enable Web Secure Remote Access

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-eks

Creates Amazon Elastic Kubernetes Service (Amazon EKS) producer

Usage
akeyless gateway-create-producer-eks \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--eks-assume-role <Role ARN>

akeyless gateway-create-producer-eks \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--eks-assume-role <Role ARN> \
--eks-access-key-id <IAM user Access Key ID> \
--eks-secret-access-key <IAM user secret Access Key> \
--eks-region <EKS cluster region> \
--eks-cluster-name <EKS cluster Name> \
--eks-cluster-endpoint <EKS Cluster endpoint URL> \
--eks-cluster-ca-cert <Base64-encoded EKS cluster CA certificate>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--eks-cluster-name: EKS cluster name. Must match the EKS cluster name you want to connect to

--eks-cluster-endpoint: EKS Cluster endpoint, i.e., https://<DNS/IP> of the cluster

--eks-cluster-ca-cert: EKS Cluster certificate. Base 64 encoded certificate

--eks-access-key-id: EKS Access Key ID

--eks-secret-access-key: EKS Secret Access Key

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--eks-region[=us-east-]: EKS Region

--eks-assume-role: Role ARN. Role to assume when connecting to the EKS cluster

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint URL

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access.

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-gke

Creates Google Kubernetes Engine (GKE) producer

Usage
akeyless gateway-create-producer-gke \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000>

akeyless gateway-create-producer-gke \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--gke-account-email <GKE service account email> \
--gke-account-key <GKE service account Key> \
--gke-cluster-endpoint <GKE cluster endpoint URL> \
--gke-cluster-ca-cert <Base64-encoded GKE cluster CA certificate> \
--gke-cluster-name <GKE cluster name>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--gke-account-email: GKE service account email

--gke-cluster-endpoint: GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>

--gke-cluster-ca-cert: GKE Base-64 encoded cluster certificate

--gke-account-key-file-path: File path to GKE service account key

--gke-account-key: GKE service account key

--gke-cluster-name: GKE cluster name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint URL

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token

--uid-token: The universal identity token. It is required only for the universal_identity authentication

gateway-create-producer-gcp

Creates Google Cloud Provider (GCP) producer

Usage
akeyless gateway-create-producer-gcp \
--name <Producer Name> \
--service-account-type <fixed/dynamic> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--gcp-sa-email <service account email> \
--gcp-cred-type <token|key> \
--gcp-token-scopes <Token Scopes> \
--gcp-key-algo <Service Key Algorithm>

akeyless gateway-create-producer-gcp \
--name <Producer Name> \
--service-account-type <fixed/dynamic> \
--gateway-url <API Gateway URL:8000> \
--gcp-sa-email <GCP Service Account Email> \
--gcp-cred-type <token|key> \
--gcp-token-scopes <Token Scopes> \
--gcp-key-algo <Service Key Algorithm> \
--gcp-key-file-path <GCP Service Account Private Key>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--gcp-cred-type[=token]: Credentials type, options are [token, key]

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--gcp-key-file-path: Path to file with the Base64-encoded service account private key

--gcp-key: Base64-encoded service account private key text

--gcp-token-scopes: Access token scopes list, e.g. scope,scope

--gcp-key-algo: Service account key algorithm, e.g. KEY_ALG_RSA_04

--user-ttl[=60m]: User TTL (<=60m for access token)

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--producer-encryption-key-name: Dynamic producer encryption key

-s, --service-account-type[=fixed]: Required, The type of the GCP dynamic secret. Options: [fixed, dynamic]

-e, --gcp-sa-email: The email of the fixed service account to generate keys or tokens for (relevant for service-account-type=fixed)

--role-binding: Role binding definitions in json format

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-cassandra

Create Cassandra producer

Usage
akeyless gateway-create-producer-cassandra \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--cassandra-statements "CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN = true; GRANT SELECT ON ALL KEYSPACES TO '{{username}}';"

akeyless gateway-create-producer-cassandra \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--cassandra-hosts <Cassandra host> \
--cassandra-port <Cassandra port> \
--cassandra-username <Cassandra username> \
--cassandra-password <password> \
--cassandra-statements "CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN = true; GRANT SELECT ON ALL KEYSPACES TO '{{username}}';"
Flags

-n, --name: Required, Producer name

--target-name: Target name

--cassandra-hosts: Cassandra hosts names or IP addresses, comma separated

--cassandra-username: Cassandra superuser user name

--cassandra-password: Cassandra superuser password

--cassandra-port[=904]: Cassandra port

--cassandra-statements[=CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN = true; GRANT SELECT ON ALL KEYSPACES TO '{{username}}';]: Cassandra Creation Statements

--user-ttl[=60m]: User TTL (<=60m for access token)

--producer-encryption-key-name: Dynamic producer encryption key

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--password-length: The length of the password to be generated

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-hanadb

Creates HanaDB producer

Usage
akeyless gateway-create-producer-hanadb \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--hanadb-creation-statements "CREATE USER {{name}} PASSWORD '{{password}}';GRANT 'MONITOR ADMIN' TO {{name}};" \
--hanadb-revocation-statements "DROP USER {{name}};"

akeyless gateway-create-producer-hanadb \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--hana-dbname <HanaDB name> \
--hanadb-username <HanaDB admin username> \
--hanadb-password <HanaDB admin password> \
--hanadb-host <HanaDB host> \
--hanadb-port <HanaDB port> \
--hanadb-creation-statements "CREATE USER {{name}} PASSWORD '{{password}}';GRANT 'MONITOR ADMIN' TO {{name}};" \
--hanadb-revocation-statements "DROP USER {{name}};"
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --hana-dbname: Hana DB Name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--hanadb-username: HanaDB user

--hanadb-password: HanaDB password

--hanadb-host[=7.0.0.]: HanaDB host name

--hanadb-port[=443]: HanaDB port

--hanadb-creation-statements[=CREATE USER {{name}} PASSWORD {{password}}; GRANT MONITOR ADMIN TO {{name}};]: HanaDB Creation Statements

--hanadb-revocation-statements[=DROP USER {{name}};]: HanaDB Revocation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag.

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-oracle

Creates Oracle DB producer

Usage
akeyless gateway-create-producer-oracle \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--oracle-statements 'CREATE USER {{username}} IDENTIFIED BY {{password}}; GRANT CONNECT TO {{username}}; GRANT CREATE SESSION TO {{username}};'

akeyless gateway-create-producer-oracle \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--oracle-service-name <Your Oracle DB Service name> \
--oracle-username <Oracle DB admin username> \
--oracle-password <Oracle DB admin password> \
--oracle-host <Your Oracle DB host> \
--oracle-port <Oracle DB port> \
--oracle-statements 'CREATE USER {{username}} IDENTIFIED BY {{password}}; GRANT CONNECT TO {{username}}; GRANT CREATE SESSION TO {{username}};'
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --oracle-service-name: Oracle service name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--oracle-username: Oracle user

--oracle-password: Oracle password

--oracle-host[=7.0.0.]: Oracle host name

--oracle-port[=5]: Oracle port

--oracle-statements: Oracle Creation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--db-server-certificates: The set of root certificate authorities in base64 encoding that clients use when verifying server certificates

--db-server-name: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address

--secure-access-enable[=false]: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag.

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-redshift

Creates Redshift producer

Usage
akeyless gateway-create-producer-redshift \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--redshift-statements "CREATE USER '{{username}}' WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO '{{username}}';" \
--ssl <false|true>

akeyless gateway-create-producer-redshift \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--redshift-db-name <Redshift DB name> \
--redshift-username <Redshift DB admin username> \
--redshift-password <Redshift DB admin password> \
--redshift-host <Redshift DB host> \
--redshift-port <Redshift DB port> \
--redshift-statements "CREATE USER '{{username}}' WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO '{{username}}';"
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--redshift-db-name: Redshift DB name

-u, --gateway-url[=http://localhost:8000]: Gateway url

--redshift-username: Redshift user

--redshift-password: Redshift password

--redshift-host[=7.0.0.]: Redshift host name

--redshift-port[=5439]: Redshift port

--redshift-statements[=CREATE USER {{username}} WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{username}};]: Redshift Creation Statements

--ssl[=false]: Enable/Disable SSL [true/false]

--enc-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag.

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-mongo

Creates a MongoDB/MongoDB Atlas producer

Usage
akeyless gateway-create-producer-mongo \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mongodb-roles <New User Role>

akeyless gateway-create-producer-mongo \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--mongodb-roles <New User Role> \
--mongodb-name <MongoDB name> \
--mongodb-username <MongoDB server admin username> \
--mongodb-password <MongoDB server admin password> \
--mongodb-host-port <host:port>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mongodb-roles[=[]]: MongoDB roles (e.g. MongoDB:[{role:readWrite, db: sales}], MongoDB Atlas:[{roleName : readWrite, databaseName: sales}])

--mongodb-custom-data: MongoDB custom data (e.g. {team:blue})

--mongodb-server-uri: MongoDB server URI (e.g. mongodb://user:[email protected]:707/admin?replicaSet=mySet)

--mongodb-username: MongoDB server username

--mongodb-password: MongoDB server password

--mongodb-host-port: host:port (e.g. my.mongo.db:707)

--mongodb-default-auth-db: MongoDB server default authentication database

--mongodb-uri-options: MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB)

--mongodb-atlas-project-id: MongoDB Atlas project ID

--mongodb-atlas-api-public-key: MongoDB Atlas public key

--mongodb-atlas-api-private-key: MongoDB Atlas private key

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL (e.g. 60s, 60m, 60h)

-t, --tag: Add tags attached to this object. To specify multiple tags use argument multiple times: --tag Tag1 -t Tag2

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag.

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-mssql

Creates Microsoft SQL Server producer

Usage
akeyless gateway-create-producer-mssql \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mssql-creation-statements "CREATE LOGIN {{name}} WITH PASSWORD = '{{password}}';" \
--mssql-revocation-statements "DROP LOGIN '{{name}}';"

akeyless gateway-create-producer-mssql \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--mssql-creation-statements "CREATE LOGIN {{name}} WITH PASSWORD = '{{password}}';" \
--mssql-revocation-statements "DROP LOGIN '{{name}}';" \
--mssql-dbname <MSSQL Server DB Name> \
--mssql-username <MSSQL Server admin user> \
--mssql-password <MSSQL Server admin password> \
--mssql-host <MSSQL Server host name> \
--mssql-port <MSSQL Server port>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--mssql-dbname: MSSQL Server DB Name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mssql-username: MS SQL Server user

--mssql-password: MS SQL Server password

--mssql-host[=127.0.0.1]: MS SQL Server host name

--mssql-port[=1433]: MS SQL Server port

--mssql-creation-statements[=CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';]: MSSQL Server Creation Statements

--mssql-revocation-statements[=DROP LOGIN [{{name}}];]: MSSQL Server Revocation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-mysql

Creates MySQL producer

Usage
akeyless gateway-create-producer-mysql \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mysql-statements "CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}' PASSWORD EXPIRE INTERVAL 30 DAY;GRANT SELECT ON *.* TO '{{name}}'@'%';"
akeyless gateway-create-producer-mysql \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--mysql-statements "CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}' PASSWORD EXPIRE INTERVAL 30 DAY;GRANT SELECT ON *.* TO '{{name}}'@'%';" \
--mysql-dbname <MySQL DB Name> \
--mysql-host <MySQL host> \
--mysql-port <MySQL port> \
--mysql-username <MySQL admin username> \
--mysql-password <MySQL admin password>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--mysql-dbname: MySQL DB name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mysql-username: MySQL user

--mysql-password: MySQL password

--mysql-host[=127.0.0.1]: MySQL host name

--mysql-port[=3306]: MySQL port

--mysql-statements: MySQL Creation Statements

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--db-server-certificates: the set of root certificate authorities in base64 encoding that clients use when verifying server certificates

--db-server-name: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-postgresql

Creates PostgreSQL producer

Usage
akeyless gateway-create-producer-postgresql \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--postgresql-statements "CREATE USER {{name}} WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}}; GRANT CONNECT ON DATABASE postgres TO {{name}}; GRANT USAGE ON SCHEMA public TO {{name}};" \
--postgresql-revoke-statement "REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = '{{name}}'; DROP USER {{name}};"
akeyless gateway-create-producer-postgresql \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--postgresql-db-name <PostgreSQL DB name> \
--postgresql-username <PostgreSQL DB admin username> \
--postgresql-password <PostgreSQL DB admin password> \
--postgresql-host <PostgreSQL DB host> \
--postgresql-port <PostgreSQL DB port> \
--postgresql-statements "CREATE USER {{name}} WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}}; GRANT CONNECT ON DATABASE postgres TO {{name}}; GRANT USAGE ON SCHEMA public TO {{name}};" \
--postgresql-revoke-statement "REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = '{{name}}'; DROP USER {{name}};"
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--postgresql-db-name: PostgreSQL DB name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--postgresql-username: PostgreSQL user

--postgresql-password: PostgreSQL password

--postgresql-host[=127.0.0.1]: PostgreSQL host name

--postgresql-port[=5432]: PostgreSQL port

--postgresql-statements[=CREATE USER {{name}} WITH PASSWORD '{{password}}';GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}};GRANT CONNECT ON DATABASE postgres TO {{name}};GRANT USAGE ON SCHEMA public TO {{name}};]: PostgreSQL Creation Statements

--postgresql-revoke-statement[=REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; select pg_terminate_backend(pid) from pg_stat_activity where usename = '{{name}}'; DROP USER {{name}};]: PostgreSQL Revocation Statement

--enc-key-name: Encrypt producer with following key

--ssl[=false]: Enable/Disable SSL [true/false]

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion.

--secure-access-host: Target DB servers for connections. For multiple values repeat this flag.

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]
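
The creation and revocation templates for gateway-create-producer-postgresql each have to reach the CLI as one argument, with the SQL quoting intact. The script below is an added example, not Akeyless code: it lints the default templates from the Flags list and then passes them as single quoted arguments. The lint rules and the AKEYLESS_BIN override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Akeyless code: pre-flight checks for the statement
# templates given to gateway-create-producer-postgresql.

# Default templates as documented in the Flags list. Double quotes keep each
# template a single shell argument and preserve the inner SQL single quotes.
PG_CREATE="CREATE USER {{name}} WITH PASSWORD '{{password}}';GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}};GRANT CONNECT ON DATABASE postgres TO {{name}};GRANT USAGE ON SCHEMA public TO {{name}};"
PG_REVOKE="REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; select pg_terminate_backend(pid) from pg_stat_activity where usename = '{{name}}'; DROP USER {{name}};"

# lint_creation TEMPLATE
# Writes findings to stderr and returns the number of findings (0 = clean).
lint_creation() {
    _tpl=$1
    _n=0
    _up=$(printf '%s' "$_tpl" | tr '[:lower:]' '[:upper:]')
    case $_tpl in
        *"{{name}}"*) ;;
        *) echo "creation: no {{name}} placeholder" >&2; _n=$((_n + 1)) ;;
    esac
    # Assumption: placeholders are substituted textually, so the password
    # has to sit inside a quoted SQL string literal, as in the default.
    case $_tpl in
        *"'{{password}}'"*) ;;
        *) echo "creation: {{password}} is not a quoted SQL literal" >&2; _n=$((_n + 1)) ;;
    esac
    # Rule chosen for this example: short-lived users should not receive
    # blanket or administrative privileges.
    case $_up in
        *"ALL PRIVILEGES"*|*" SUPERUSER"*|*" CREATEROLE"*)
            echo "creation: grants broad or administrative privileges" >&2
            _n=$((_n + 1)) ;;
    esac
    return "$_n"
}

# lint_revocation TEMPLATE
# Same contract as lint_creation.
lint_revocation() {
    _n=0
    _up=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    # The temporary user must actually be removed when the TTL expires.
    case $_up in
        *"DROP USER {{NAME}}"*|*"DROP ROLE {{NAME}}"*) ;;
        *) echo "revocation: does not drop {{name}}" >&2; _n=$((_n + 1)) ;;
    esac
    # The documented default also ends the user's open sessions.
    case $_up in
        *"PG_TERMINATE_BACKEND"*) ;;
        *) echo "revocation: open sessions are not terminated" >&2; _n=$((_n + 1)) ;;
    esac
    return "$_n"
}

# create_pg_producer NAME TARGET GATEWAY_URL
# Lints both templates, then calls the CLI with each template as one argument.
# AKEYLESS_BIN is a hypothetical override used here for dry runs and tests.
create_pg_producer() {
    lint_creation "$PG_CREATE" || return 1
    lint_revocation "$PG_REVOKE" || return 1
    "${AKEYLESS_BIN:-akeyless}" gateway-create-producer-postgresql \
        --name "$1" \
        --target-name "$2" \
        --gateway-url "$3" \
        --postgresql-statements "$PG_CREATE" \
        --postgresql-revoke-statement "$PG_REVOKE"
}

if lint_creation "$PG_CREATE" && lint_revocation "$PG_REVOKE"; then
    echo "default templates pass the pre-flight checks"
fi
```

Setting AKEYLESS_BIN=echo before calling create_pg_producer prints the resulting arguments instead of contacting a gateway.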

gateway-create-producer-rabbitmq

Creates RabbitMQ producer

Usage
akeyless gateway-create-producer-rabbitmq \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--rabbitmq-user-conf-permission <User configuration permission> \
--rabbitmq-user-write-permission <User write permission> \
--rabbitmq-user-read-permission <User read permission>
akeyless gateway-create-producer-rabbitmq \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--rabbitmq-user-conf-permission <User configuration permission> \
--rabbitmq-user-write-permission <User write permission> \
--rabbitmq-user-read-permission <User read permission> \
--rabbitmq-server-uri <RabbitMQ server URI> \
--rabbitmq-admin-user <RabbitMQ server admin> \
--rabbitmq-admin-pwd <RabbitMQ server password>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--rabbitmq-server-uri: RabbitMQ server URI

--rabbitmq-user-conf-permission: User configuration permission, for example:[.*,queue-name]

--rabbitmq-user-write-permission: User write permission, for example:[.*,queue-name]

--rabbitmq-user-read-permission: User read permission, for example:[.*,queue-name]

--rabbitmq-admin-user: RabbitMQ server user

--rabbitmq-admin-pwd: RabbitMQ server password

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rabbitmq-user-vhost: User Virtual Host

--rabbitmq-user-tags: Comma separated list of tags to apply to user

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion.

--secure-access-url: Destination URL to inject secrets.

--secure-access-web[=true]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-rdp

Creates RDP producer

Usage
akeyless gateway-create-producer-rdp \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--rdp-user-groups <Group Name>
akeyless gateway-create-producer-rdp \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--rdp-user-groups <Group Name> \
--rdp-host-name <RDP Host name> \
--rdp-host-port <RDP port> \
--rdp-admin-name <RDP Admin name> \
--rdp-admin-pwd <RDP Admin Password>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--rdp-user-groups: RDP UserGroup name(s). Multiple values should be separated by comma

--rdp-host-name: RDP Host name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rdp-admin-name: RDP Admin name

--rdp-admin-pwd: RDP Admin password

--rdp-host-port[=]: RDP Host port

--fixed-user-only[=false]: Allow access using externally (IdP) provided username

--producer-encryption-key-name: Encrypt producer with following key

--warn-user-before-expiration: Display message to user before TTL expires (min)

--allow-user-extend-session: Allow user to extend session periodically (min)

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-rdp-domain: Required when the Dynamic Secret is used for a domain user

--secure-access-rdp-user: Override the RDP Domain username

--secure-access-host: Target servers for connections. For multiple values repeat this flag.

--secure-access-allow-external-user[=false]: Allow providing external user for domain users

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-snowflake

Creates Snowflake producer

Usage
akeyless gateway-create-producer-snowflake \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--role <New User Role> \
--warehouse <Warehouse Name>
akeyless gateway-create-producer-snowflake \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--role <New User Role> \
--warehouse <Warehouse Name> \
--account <Snowflake account name> \
--account-username <Snowflake username> \
--account-password <Snowflake password> \
--db-name <Database to which the generated credentials are restricted>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--account: Snowflake account name

--account-username: Snowflake account user name

--account-password: Snowflake account password

--db-name: The DB the generated credentials are restricted to

--role: Role to be assigned to the generated credentials

--warehouse: The warehouse the generated credentials are restricted to

--snowflake-api-private-key: RSA Private key (base64 encoded), if this is provided, flag --snowflake-api-private-key-file-name is ignored

--snowflake-api-private-key-file-name: The path to the file containing the private key, if this is provided, flag --snowflake-api-private-key is ignored

--snowflake-api-private-key-passphrase: The Private key passphrase

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--user-ttl[=4h]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-ldap

Creates LDAP producer

Usage
akeyless gateway-create-producer-ldap \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--user-dn <User Base DN>
akeyless gateway-create-producer-ldap \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--ldap-url <LDAP server URL> \
--bind-dn <LDAP Bind DN> \
--bind-dn-password <Password> \
--ldap-ca-cert <LDAP base-64 encoded CA Certificate> \
--user-dn <User Base DN>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--ldap-url: LDAP Server URL

--user-dn: User Base DN

--user-attribute: LDAP User Attribute

-t, --ldap-ca-cert: LDAP base-64 encoded CA Certificate

--bind-dn: LDAP Bind DN

--bind-dn-password: Password for LDAP Bind DN

--external-username[=false]: Externally provided username

--token-expiration: LDAP token expiration in seconds

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-github

Creates a GitHub producer that supports token creation with a fixed TTL of 60 minutes.

Usage
akeyless gateway-create-producer-github \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--installation-id <Your GitHub Installation ID>
akeyless gateway-create-producer-github \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--installation-id <Your GitHub Installation ID> \
--github-app-id <Your GitHub application ID> \
--github-app-private-key <Base64-encoded application private key> \
--github-base-url <Github base URL>
Flags

-n, --name: Required, Producer name

--installation-id: Github application installation id

--installation-repository: Optional, instead of installation id, set a GitHub repository '/'

--target-name: Name of existing target to use in producer creation

--github-app-id: Github application id

--github-app-private-key: Github application private key (base64 encoded key)

--github-base-url[=https://api.github.com/]: Github base url

-p, --token-permissions: Tokens' allowed permissions. By default use installation allowed permissions. Input format: key=value pairs or JSON strings, e.g - -p contents=read -p issues=write or -p '{content:read}'

-r, --token-repositories: Tokens' allowed repositories. By default use installation allowed repositories. To specify multiple repositories use argument multiple times: -r RepoName -r RepoName

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-dockerhub

Creates a Dockerhub producer.

Usage
akeyless gateway-create-producer-dockerhub \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--dockerhub-token-scopes 'repo:admin,repo:write,repo:read,repo:public_read'
akeyless gateway-create-producer-dockerhub \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--dockerhub-token-scopes <'repo:admin,repo:write,repo:read,repo:public_read'> \
--dockerhub-username <Username for docker repository> \
--dockerhub-password <Password for docker repository>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--dockerhub-username: Username for docker repository

--dockerhub-password: password for docker repository

--dockerhub-token-scopes: Comma-separated access token scopes list to give the created dynamic secret. Valid options are 'repo:admin', 'repo:write', 'repo:read', 'repo:public_read'

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--user-ttl[=60m]: User TTL (<=60m for access token)

--tag: A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag --tag Tag

--producer-encryption-key-name: Dynamic producer encryption key

--delete-protection: Protection from accidental deletion of this item, [true/false].

gateway-create-producer-k8s

Creates Native Kubernetes Service producer.

Usage
akeyless gateway-create-producer-k8s \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--k8s-service-account <service account>
akeyless gateway-create-producer-k8s \
--name <Producer name> \
--gateway-url <API Gateway URL:8000> \
--k8s-service-account <service account> \
--k8s-cluster-endpoint <Cluster Endpoint URL> \
--k8s-cluster-ca-cert <Base64-encoded cluster CA certificate> \
--k8s-cluster-token ${TOKEN}

# Or using GW Service Account
akeyless gateway-create-producer-k8s \
--name <Producer Name> \
--gateway-url <API Gateway URL:8000> \
--use-gw-service-account
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-e, --k8s-cluster-endpoint: K8S Cluster endpoint. <DNS / IP> of the cluster

-c, --k8s-cluster-ca-cert: K8S Cluster certificate. Base 64 encoded certificate

-t, --k8s-cluster-token: K8S Cluster authentication token

-s, --k8s-service-account: K8S ServiceAccount to extract token from

-i, --use-gw-service-account: Use the Gateway's Service Account. Boolean flag, provided as part of the inline connection.

--k8s-service-account-type[=fixed]: K8S ServiceAccount type [fixed, dynamic].

--k8s-namespace[=default]: K8S Namespace where the ServiceAccount exists (relevant only for k8s-service-account-type=fixed)

--k8s-allowed-namespaces[=*]: Comma-separated list of allowed K8S namespaces for the generated ServiceAccount (relevant only for k8s-service-account-type=dynamic)

--k8s-predefined-role-name: The pre-existing Role or ClusterRole name to bind the generated ServiceAccount to (relevant only for k8s-service-account-type=dynamic)

--k8s-predefined-role-type: Specifies the type of the pre-existing K8S role [Role, ClusterRole] (relevant only for k8s-service-account-type=dynamic)

--k8s-rolebinding-yaml-def: Path to yaml file that contains definitions of K8S role and role binding (relevant only for k8s-service-account-type=dynamic)

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint

--secure-access-dashboard-url: The K8s dashboard url

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-chef

Creates Chef producer

Usage
akeyless gateway-create-producer-chef \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--chef-orgs <Chef organizations>
akeyless gateway-create-producer-chef \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--chef-orgs <Chef organizations> \
--chef-server-username <Chef server username> \
--chef-server-key <Chef server key> \
--chef-server-url <Chef server URL> \
--skip-ssl <true|false>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-c, --chef-server-username: Chef server username

-y, --chef-server-key: Chef server key

-s, --chef-server-url: Chef server URL

-g, --chef-orgs: Chef organizations

--skip-ssl[=true]: Skip SSL

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-custom

Creates a custom webhook-based dynamic secret

Usage
akeyless gateway-create-producer-custom \
--name <Producer Name> \
--create-sync-url <'https://example.com/sync/create:Port'> \
--revoke-sync-url <'https://example.com/sync/revoke:Port'> \
--gateway-url <API Gateway URL:8000> 
Flags

-n, --name: Required, Producer name

--create-sync-url: Required, URL of an endpoint that implements /sync/create method

--revoke-sync-url: Required, URL of an endpoint that implements /sync/revoke method

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rotate-sync-url: URL of an endpoint that implements /sync/rotate method

--payload: Secret payload to be sent with each create/revoke webhook request

--timeout-sec[=60]: Maximum allowed time in seconds for the webhook to return the results

--enable_admin_rotation[=false]: Enable automatic admin credentials rotation

--admin_rotation_interval_days: Rotation period in days

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-create-producer-redis

Creates a Redis producer

Usage
akeyless gateway-create-producer-redis \
--name <Producer Name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--username <Redis Username> \
--password <Redis Password>
Flags

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-u, --gateway-url: API Gateway URL

--username: Redis username

--password: Redis password

--host[=127.0.0.1]: Redis host

--port[=6379]: Redis port

--acl-rules: A JSON array list of redis ACL rules to attach to the created user. For available rules see the ACL CAT command https://redis.io/commands/acl-cat. If omitted the user will have access to read all keys ([~*, +@read])

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: Add tags attached to this object. To specify multiple tags use argument multiple times: --tag Tag1 -t Tag2

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

Update Producer

gateway-update-producer-artifactory

Updates Artifactory producer

Usage
akeyless gateway-update-producer-artifactory \
--name <Producer Name> \
--artifactory-token-audience <Space-separated list of instances> \
--new-name <Producer New name> \
--gateway-url <API Gateway URL:8000> \
--target-name <Target Name> \
--artifactory-token-scope <Space-separated list of scopes> \
--producer-encryption-key-name <Encrypt producer with following key>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

-s, --artifactory-token-scope: Required, Token scope provided as a space-separated list, for example: member-of-groups:readers

-a, --artifactory-token-audience: Required, A space-separated list of other Artifactory instances or services that should accept this token, for example: jfrt@*

--target-name: Name of existing target to use in producer creation

-b, --base-url: Artifactory REST URL, must end with artifactory postfix

-r, --artifactory-admin-name: Admin name

-p, --artifactory-admin-pwd: Admin API Key/Password

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-aws

Updates AWS producer

Usage
akeyless gateway-update-producer-aws \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--aws-access-mode <iam_user|assume_role> \
--aws-user-policies <Policy ARN> \
--aws-user-groups <UserGroup name> \
--aws-role-arns <AWS Role ARNs>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-i, --aws-access-key-id: Access Key ID

-s, --aws-access-secret-key: Access Secret Key

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--aws-access-mode: The types of credentials to retrieve from AWS. Options:[iam_user,assume_role]

--aws-region[=us-east-]: Region

--aws-user-policies: Policy ARN(s). Multiple values should be separated by comma

--aws-user-groups: UserGroup name(s). Multiple values should be separated by comma

--aws-role-arns: AWS Role ARNs to be used in the Assume Role operation. Multiple values should be separated by comma

--aws-user-console-access[=false]: Enable AWS User console access

--aws-user-programmatic-access[=true]: Enable AWS User programmatic access

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--admin-creds-rotation[=false]: Enable automatic admin credentials rotation

--admin-creds-rotation-interval[=0]: Admin credentials rotation interval (days)

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-aws-account-id: The aws account id

--secure-access-aws-native-cli: The aws native cli

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=true]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-azure

Updates Azure AD producer

Usage
akeyless gateway-update-producer-azure \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--azure-user-portal-access <true|false> \
--azure-user-programmatic-access <true|false> \
--azure-app-obj-id <Azure App Object ID> \
--azure-user-principal-name <Azure User Principal Name> \
--fixed-user-only <true|false> \
--fixed-user-claim-keyname <Key name of the IdP claim>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-t, --azure-tenant-id: Azure Tenant ID

-i, --azure-client-id: Azure Client ID (Application ID)

-s, --azure-client-secret: Azure AD Client Secret

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--azure-user-portal-access[=false]: Enable Azure AD user portal access

--azure-user-programmatic-access[=false]: Enable Azure AD user programmatic access

--azure-app-obj-id: Azure App Object ID (required if selected programmatic access)

--azure-user-principal-name: Azure AD User Principal Name (required if selected Portal access)

--azure-user-group-obj-id: Azure AD User Group Object ID (required if selected Portal access)

--azure-user-role-template-id: Azure AD User Role Template ID (required if selected Portal access)

--producer-encryption-key-name: Encrypt producer with following key

--fixed-user-only[=false]: Allow access using externally (IdP) provided username

--fixed-user-claim-keyname: For externally provided users, denotes the key-name of IdP claim to extract username from

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-web[=true]: Enable Web Secure Remote Access

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-cassandra

Updates Cassandra producer

Usage
akeyless gateway-update-producer-cassandra \
--name <Producer Name> \
--new-name <Producer New Name> \
--target-name <Target Name> \
--cassandra-hosts <Hosts>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Target name

--cassandra-hosts: Cassandra hosts names or IP addresses, comma separated

--cassandra-username: Cassandra superuser user name

--cassandra-password: Cassandra superuser password

--cassandra-port[=9042]: Cassandra port

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--cassandra-statements[=CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN = true; GRANT SELECT ON ALL KEYSPACES TO '{{username}}';]: Cassandra Creation Statements

--user-ttl[=60m]: User TTL (<=60m for access token)

--producer-encryption-key-name: Dynamic producer encryption key

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-certificate-automation

Updates a Certificate Automation dynamic secret producer to update certificates generated by Venafi or monitored by Venafi and generated by Akeyless PKI

Usage
akeyless gateway-update-producer-certificate-automation  \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--venafi-zone <Venafi Zone> \
--venafi-api-key <Venafi API key (Relevant when using Venafi Cloud)> \
--venafi-use-tpp <When connecting to TPP this flag is required> \
--venafi-access-token <Venafi Access Token> \
--venafi-refresh-token <Venafi Refresh Token>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-z, --venafi-zone: Venafi Zone

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--venafi-api-key: Venafi API key (Relevant when using Venafi Cloud)

--venafi-use-tpp: When connecting to TPP this flag is required

--venafi-access-token: Venafi Access Token to use to access the TPP environment (Relevant when using TPP)

--venafi-refresh-token: Venafi Refresh Token to use when the Access Token is expired (Relevant when using TPP)

--venafi-baseurl: Base URL of the TPP environment. Or Cloud environment which isn't https://venafi.cloud/

--sign-using-akeyless-pki: creating certificates using Akeyless PKI

--root-first-in-chain: root first in chain

--store-private-key: store private key in Akeyless

--auto-generated-folder: auto generated folder

--signer-key-name: signer key name

--allowed-domains: allowed domains

--allow-subdomains: allow subdomains

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60h]: User TTL in time.Duration format (60h / 9600m / etc...). When using sign-using-akeyless-pki, certificates created will have this validity period; otherwise the user-ttl is taken from the Validity Period field of the Zone's Issuing Template. When using cert-manager it is advised to have a TTL of above 60 days (440h). For more information - https://cert-manager.io/docs/usage/certificate/

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--admin-creds-rotation[=false]: Enable automatic admin credentials rotation

--admin-creds-rotation-interval[=0]: Admin credentials rotation interval (days)

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-chef

Updates Chef producer

Usage
akeyless gateway-update-producer-chef \
--name <Producer name> \
--new-name <Producer New name> \
--target-name <Target Name>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-c, --chef-server-username: Chef server username

-y, --chef-server-key: Chef server key

-s, --chef-server-url: Chef server URL

-g, --chef-orgs: Chef organizations

--skip-ssl[=true]: Skip SSL

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-custom

Updates a custom webhook based dynamic secret producer

Usage
akeyless gateway-update-producer-custom \
--name <Producer Name> \
--create-sync-url <URL of an endpoint that implements /sync/create method> \
--revoke-sync-url <URL of an endpoint that implements /sync/revoke method>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

-c, --create-sync-url: Required, URL of an endpoint that implements /sync/create method

-r, --revoke-sync-url: Required, URL of an endpoint that implements /sync/revoke method

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rotate-sync-url: URL of an endpoint that implements /sync/rotate method

--payload: Secret payload to be sent with each create/revoke webhook request

--timeout-sec[=60]: Maximum allowed time in seconds for the webhook to return the results

--enable_admin_rotation[=false]: Enable automatic admin credentials rotation

--admin_rotation_interval_days: Rotation period in days

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-dockerhub

Updates a Dockerhub producer

Usage
akeyless gateway-update-producer-dockerhub \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--dockerhub-username <Username for docker repository> \
--dockerhub-password <Password for docker repository>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--dockerhub-username: Username for docker repository

--dockerhub-password: Password for docker repository

--dockerhub-token-scopes: Comma-separated list of access token scopes to give the created dynamic secret. Valid options are 'repo:admin', 'repo:write', 'repo:read', 'repo:public_read'

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--user-ttl[=60m]: User TTL (<=60m for access token)

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--producer-encryption-key-name: Dynamic producer encryption key

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-eks

Updates Amazon Elastic Kubernetes Service (Amazon EKS) producer

Usage
akeyless gateway-update-producer-eks \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--eks-assume-role <Role ARN> \
--eks-cluster-name <EKS cluster name. Must match the EKS cluster name you want to connect to> \
--eks-cluster-endpoint <EKS Cluster endpoint> \
--eks-cluster-ca-cert <EKS Cluster certificate. Base 64 encoded certificate> \
--eks-access-key-id <EKS Access Key ID> \
--eks-secret-access-key <EKS Secret Access Key>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-c, --eks-cluster-name: EKS cluster name. Must match the EKS cluster name you want to connect to

-e, --eks-cluster-endpoint: EKS Cluster endpoint. https:// , <DNS / IP> of the cluster

-r, --eks-cluster-ca-cert: EKS Cluster certificate. Base 64 encoded certificate

--eks-access-key-id: EKS Access Key ID

--eks-secret-access-key: EKS Secret Access Key

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--eks-region[=us-east-]: EKS Region

--eks-assume-role: Role ARN. Role to assume when connecting to the EKS cluster

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint URL

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-gcp

Updates Google Cloud Provider (GCP) producer

Usage
akeyless gateway-update-producer-gcp \
--name <Producer Name> \
--service-account-type[=fixed] <fixed, dynamic> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--gcp-sa-email <service account email> \
--gcp-cred-type <token, key> \
--gcp-key-file-path <Path to file with the Base64-encoded service account private key> \
--gcp-key <Base64-encoded service account private key text> \
--gcp-token-scopes <Access token scopes list> \
--gcp-key-algo <Service account key algorithm>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-t, --gcp-cred-type[=token]: Credentials type, options are [token, key]

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--gcp-key-file-path: Path to file with the Base64-encoded service account private key

--gcp-key: Base64-encoded service account private key text

--gcp-token-scopes: Access token scopes list, e.g. scope,scope

--gcp-key-algo: Service account key algorithm, e.g. KEY_ALG_RSA_04

--user-ttl[=60m]: User TTL (<=60m for access token)

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--producer-encryption-key-name: Dynamic producer encryption key

-s, --service-account-type[=fixed]: Required, The type of the gcp dynamic secret. Options[fixed, dynamic]

-e, --gcp-sa-email: The email of the fixed service account to generate keys or tokens for (relevant for service-account-type=fixed)

--role-binding: Role binding definitions in json format

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-github

Updates Github producer

Usage
akeyless gateway-update-producer-github \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--installation-id <Your GitHub Installation ID> \
--installation-repository <instead of installation id, set a GitHub repository> \
--github-app-id <Github application id> \
--github-app-private-key <Github application private key (base64 encoded key)> \
--github-base-url <Github base url (Default = https://api.github.com/)>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--installation-id: Github application installation id

--installation-repository: Optional, instead of installation id, set a GitHub repository '/'

--target-name: Name of existing target to use in producer creation

--github-app-id: Github application id

--github-app-private-key: Github application private key (base64 encoded key)

--github-base-url[=https://api.github.com/]: Github base url

-p, --token-permissions: Tokens' allowed permissions. By default use installation allowed permissions. Input format: key=value pairs or JSON strings, e.g - -p contents=read -p issues=write or -p '{content:read}'

-r, --token-repositories: Tokens' allowed repositories. By default use installation allowed repositories. To specify multiple repositories use argument multiple times: -r RepoName -r RepoName

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-gke

Updates Google Kubernetes Engine (GKE) producer

Usage
akeyless gateway-update-producer-gke \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--gke-account-email <GKE service account email> \
--gke-cluster-endpoint <GKE cluster endpoint> \
--gke-cluster-ca-cert <GKE Base-64 encoded cluster certificate> \
--gke-account-key-file-path <File path to GKE service account key> \
--gke-account-key <GKE service account key> \
--gke-cluster-name <GKE cluster name>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-a, --gke-account-email: GKE service account email

-e, --gke-cluster-endpoint: GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>

-c, --gke-cluster-ca-cert: GKE Base-64 encoded cluster certificate

--gke-account-key-file-path: File path to GKE service account key

--gke-account-key: GKE service account key

--gke-cluster-name: GKE cluster name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint URL

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-hanadb

Updates HanaDB producer

Usage
akeyless gateway-update-producer-hanadb \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--hanadb-username <HanaDB user> \
--hanadb-password <HanaDB password> \
--hanadb-host <HanaDB host name (Default = 7.0.0.)> \
--hanadb-port <HanaDB port (Default = 443)> \
--producer-encryption-key-name <Encrypt producer with following key>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--hanadb-username: HanaDB user

--hanadb-password: HanaDB password

--hanadb-host[=7.0.0.]: HanaDB host name

--hanadb-port[=443]: HanaDB port

--hanadb-creation-statements[=CREATE USER {{name}} PASSWORD {{password}}; GRANT MONITOR ADMIN TO {{name}};]: HanaDB Creation Statements

--hanadb-revocation-statements[=DROP USER {{name}};]: HanaDB Revocation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-k8s

Updates Native Kubernetes Service producer

Usage
akeyless gateway-update-producer-k8s \
--name <Producer name> \
--new-name <Producer New name> \
--target-name <Target Name>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-e, --k8s-cluster-endpoint: K8S Cluster endpoint. https:// , <DNS / IP> of the cluster

-c, --k8s-cluster-ca-cert: K8S Cluster certificate. Base 64 encoded certificate

-t, --k8s-cluster-token: K8S Cluster authentication token

-s, --k8s-service-account: K8S ServiceAccount to extract token from

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--k8s-namespace[=default]: K8S Namespace where the ServiceAccount exists

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-cluster-endpoint: The K8s cluster endpoint

--secure-access-dashboard-url: The K8s dashboard url

--secure-access-allow-port-forwading: Enable Port forwarding while using CLI access

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-ldap

Updates LDAP producer

Usage
akeyless gateway-update-producer-ldap \
--name <Producer name> \
--new-name <Producer New name> \
--target-name <Target name>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--ldap-url: User Base DN

--user-attribute: LDAP User Attribute

-t, --ldap-ca-cert: LDAP base-64 encoded CA Certificate

--bind-dn: LDAP Bind DN

--bind-dn-password: Password for LDAP Bind DN

--external-username[=false]: Externally provided username

--token-expiration: LDAP token expiration in seconds

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag --tag Tag

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-mongo

Updates a MongoDB/MongoDB Atlas producer

Usage
akeyless gateway-update-producer-mongo \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mongodb-name <MongoDB name> \
--mongodb-custom-data <MongoDB custom data> \
--mongodb-username <MongoDB server username> \
--mongodb-password <MongoDB server password> \
--mongodb-host-port <host port>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--mongodb-name: MongoDB name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mongodb-roles[=[]]: MongoDB roles (e.g. MongoDB:[{role:readWrite, db: sales}], MongoDB Atlas:[{roleName : readWrite, databaseName: sales}])

--mongodb-custom-data: MongoDB custom data (e.g. {team:blue})

--mongodb-server-uri: MongoDB server URI (e.g. mongodb://user:[email protected]:707/admin?replicaSet=mySet)

--mongodb-username: MongoDB server username

--mongodb-password: MongoDB server password

--mongodb-host-port: host:port (e.g. my.mongo.db:707)

--mongodb-default-auth-db: MongoDB server default authentication database

--mongodb-uri-options: MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB)

--mongodb-atlas-project-id: MongoDB Atlas project ID

--mongodb-atlas-api-public-key: MongoDB Atlas public key

--mongodb-atlas-api-private-key: MongoDB Atlas private key

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL (e.g. 60s, 60m, 60h)

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-mssql

Updates Microsoft SQL Server producer

Usage
akeyless gateway-update-producer-mssql \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mssql-dbname <MSSQL Server DB Name> \
--mssql-username <MS SQL Server user> \
--mssql-password <MS SQL Server password> \
--mssql-host <MS SQL Server host name (Default = 7.0.0.)> \
--mssql-port <MS SQL Server port (Default = 433)>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --mssql-dbname: MSSQL Server DB Name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mssql-username: MS SQL Server user

--mssql-password: MS SQL Server password

--mssql-host[=7.0.0.]: MS SQL Server host name

--mssql-port[=433]: MS SQL Server port

--mssql-creation-statements[=CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';]: MSSQL Server Creation Statements

--mssql-revocation-statements[=DROP LOGIN [{{name}}];]: MSSQL Server Revocation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-mysql

Updates MySQL producer

Usage
akeyless gateway-update-producer-mysql \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--mysql-username <MySQL user> \
--mysql-password <MySQL password> \
--mysql-host <MySQL host name (Default = 7.0.0.)> \
--mysql-port <MySQL port (Default = 3306)>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --mysql-dbname: MySQL DB name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--mysql-username: MySQL user

--mysql-password: MySQL password

--mysql-host[=7.0.0.]: MySQL host name

--mysql-port[=3306]: MySQL port

--mysql-statements: MySQL Creation Statements

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--db-server-certificates: the set of root certificate authorities in base64 encoding that clients use when verifying server certificates

--db-server-name: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-oracle

Updates Oracle DB producer

Usage
akeyless gateway-update-producer-oracle \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--oracle-username <Oracle user> \
--oracle-password <Oracle password> \
--oracle-host <Oracle host name (Default = 7.0.0.)> \
--oracle-port <Oracle port (Default = 5)>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --oracle-service-name: Oracle service name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--oracle-username: Oracle user

--oracle-password: Oracle password

--oracle-host[=7.0.0.]: Oracle host name

--oracle-port[=5]: Oracle port

--oracle-statements: Oracle Creation Statements

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--db-server-certificates: the set of root certificate authorities in base64 encoding that clients use when verifying server certificates

--db-server-name: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address

--secure-access-enable[=false]: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-postgresql

Updates PostgreSQL producer

Usage
akeyless gateway-update-producer-postgresql \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--postgresql-username <PostgreSQL user> \
--postgresql-password <PostgreSQL password> \
--postgresql-host <PostgreSQL host name (Default = 7.0.0.)> \
--postgresql-port <PostgreSQL port (Default = 543)> \
--postgresql-statements 'CREATE USER {{name}} WITH PASSWORD {{password}}; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}}; GRANT CONNECT ON DATABASE postgres TO {{name}}; GRANT USAGE ON SCHEMA public TO {{name}};' \
--postgresql-revoke-statement 'REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = {{name}}; DROP USER {{name}};'
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-d, --postgresql-db-name: PostgreSQL DB name

-u, --gateway-url[=http://localhost:8000]: Gateway url

--postgresql-username: PostgreSQL user

--postgresql-password: PostgreSQL password

--postgresql-host[=7.0.0.]: PostgreSQL host name

--postgresql-port[=543]: PostgreSQL port

--postgresql-statements[=CREATE USER {{name}} WITH PASSWORD '{{password}}';GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{name}};GRANT CONNECT ON DATABASE postgres TO {{name}};GRANT USAGE ON SCHEMA public TO {{name}};]: PostgreSQL Creation Statements

--postgresql-revoke-statement[=REASSIGN OWNED BY {{name}} TO {{userHost}}; DROP OWNED BY {{name}}; select pg_terminate_backend(pid) from pg_stat_activity where usename = '{{name}}'; DROP USER {{name}};]: PostgreSQL Revocation Statement

--enc-key-name: Encrypt producer with following key

--ssl[=false]: Enable/Disable SSL [true/false]

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

--secure-access-db-schema: The db schema

--secure-access-web[=false]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-rabbitmq

Updates RabbitMQ producer

Usage
akeyless gateway-update-producer-rabbitmq \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--rabbitmq-user-conf-permission <User configuration permission> \
--rabbitmq-user-write-permission <User write permission> \
--rabbitmq-user-read-permission <User read permission> \
--rabbitmq-admin-user <RabbitMQ server user> \
--rabbitmq-admin-pwd <RabbitMQ server password>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-s, --rabbitmq-server-uri: RabbitMQ server URI

-c, --rabbitmq-user-conf-permission: User configuration permission, for example:[.*,queue-name]

-w, --rabbitmq-user-write-permission: User write permission, for example:[.*,queue-name]

-r, --rabbitmq-user-read-permission: User read permission, for example:[.*,queue-name]

-a, --rabbitmq-admin-user: RabbitMQ server user

-p, --rabbitmq-admin-pwd: RabbitMQ server password

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rabbitmq-user-vhost: User Virtual Host

--rabbitmq-user-tags: Comma separated list of tags to apply to user

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion

--secure-access-url: Destination URL to inject secrets

--secure-access-web[=true]: Enable Web Secure Remote Access

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-rdp

Updates RDP producer

Usage
akeyless gateway-update-producer-rdp \
--new-name <Producer New name> \
--name <Producer name> \
--target-name <Target name>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-g, --rdp-user-groups: RDP UserGroup name(s). Multiple values should be separated by comma

-r, --rdp-host-name: RDP Host name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--rdp-admin-name: RDP Admin name

--rdp-admin-pwd: RDP Admin Password

--rdp-host-port[=]: RDP Host port

--fixed-user-only[=false]: Allow access using externally (IdP) provided username

--producer-encryption-key-name: Encrypt producer with following key

--warn-user-before-expiration: Display message to user before TTL expires (min)

--allow-user-extend-session: Allow user to extend session periodically (min)

--user-ttl[=60m]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--password-length: The length of the password to be generated

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-rdp-domain: Required when the Dynamic Secret is used for a domain user

--secure-access-rdp-user: Override the RDP Domain username

--secure-access-host: Target servers for connections. For multiple values, repeat this flag

--secure-access-allow-external-user[=false]: Allow providing external user for domain users

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-redshift

Updates Redshift producer

Usage
akeyless gateway-update-producer-redshift \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--redshift-username <Redshift user> \
--redshift-password <Redshift password> \
--redshift-host <Redshift host name (Default = 7.0.0.)> \
--redshift-port <Redshift port (Default = 5439)> \
--redshift-statements "CREATE USER {{username}} WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{username}};" \
--ssl <true/false>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

--redshift-db-name: Redshift DB name

-u, --gateway-url[=http://localhost:8000]: Gateway url

--redshift-username: Redshift user

--redshift-password: Redshift password

--redshift-host[=7.0.0.]: Redshift host name

--redshift-port[=5439]: Redshift port

--redshift-statements[=CREATE USER {{username}} WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO {{username}};]: Redshift Creation Statements

--ssl[=false]: Enable/Disable SSL [true/false]

--enc-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

--secure-access-enable: Enable/Disable secure remote access, [true/false]

--secure-access-host: Target DB servers for connections. For multiple values, repeat this flag

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag -t Tag

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-snowflake

Updates Snowflake producer

Usage
akeyless gateway-update-producer-snowflake \
--name <Producer Name> \
--new-name <Producer New name> \
--target-name <Target Name> \
--gateway-url <API Gateway URL:8000> \
--role <New User Role> \
--warehouse <Warehouse Name> \
--account-username <Snowflake account user name> \
--account-password <Snowflake account password> \
--db-name <The DB the generated credentials are restricted to>
Flags

--new-name: Producer New name

-n, --name: Required, Producer name

--target-name: Name of existing target to use in producer creation

-a, --account: Snowflake account name

--account-username: Snowflake account user name

--account-password: Snowflake account password

-d, --db-name: The DB the generated credentials are restricted to

--role: Role to be assigned to the generated credentials

--warehouse: The warehouse the generated credentials are restricted to

--snowflake-api-private-key: RSA Private key (base64 encoded), if this is provided, flag --snowflake-api-private-key-file-name is ignored

--snowflake-api-private-key-file-name: The path to the file containing the private key, if this is provided, flag --snowflake-api-private-key is ignored

--snowflake-api-private-key-passphrase: The Private key passphrase

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--user-ttl[=4h]: User TTL

-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]

gateway-update-producer-tmp-creds

Update TTL of producer temporary credentials

Usage
akeyless gateway-update-producer-tmp-creds \
--name <Producer name> \
--tmp-creds-id <Temp Creds ID> \
--new-ttl-min <New TTL in Minutes>
Flags

-n, --name: Required, Producer name

-i, --tmp-creds-id: Required, Temp Creds ID

-t, --new-ttl-min: Required, New TTL in Minutes

-u, --gateway-url: API Gateway URL (Configuration Management port)

gateway-update-producer-redis

Update Redis producer

Usage
akeyless gateway-update-producer-redis \
--name <Producer name> \
--new-name <Producer new name> \
--target-name <Target name> \
--gateway-url <API Gateway URL:8000> \
--username <Redis username> \
--password <Redis password>
Flags

-n, --name: Required, Producer name

--new-name: Producer New name

--target: Name of existing target to use in producer creation

--gateway-url: API Gateway URL

--username: Redis username

--password: Redis password

--host[=7.0.0.]: Redis host

--port[=6379]: Redis port

--acl-rules: A JSON array list of redis ACL rules to attach to the created user. For available rules see the ACL CAT command https://redis.io/commands/acl-cat. If omitted the user will have access to read all keys ([~*, +@read])

--ssl[=false]: Enable/Disable SSL [true/false]

--ssl-certificate: SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA)

--producer-encryption-key-name: Encrypt producer with following key

--user-ttl[=60m]: User TTL

-t, --tag: Add tags attached to this object. To specify multiple tags use argument multiple times: --tag Tag1 -t Tag2

--password-length: The length of the password to be generated

--delete-protection: Protection from accidental deletion of this item, [true/false]
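
The --acl-rules flag above falls back to read access on every key when omitted. The following is an added example, not part of the Akeyless reference: a shell helper that builds the JSON array for --acl-rules from individual Redis ACL rules and refuses rules that are broader than a temporary user usually needs. The function name acl_rules_json, the deny-list policy, the sample key prefix, and the assumption that each array element is a JSON string are illustrative choices, not Akeyless or Redis defaults.

```shell
#!/bin/sh
# Added example (hypothetical helper): build the JSON array for --acl-rules
# and reject over-broad Redis ACL rules before the producer is updated.
# The deny-list is a policy assumption; adjust it to your own standard.

acl_rules_json() {
    # Usage: acl_rules_json RULE [RULE...]
    # Prints a JSON array on stdout; returns 1 with a message on stderr
    # when a rule is malformed or broader than the policy allows.
    [ "$#" -gt 0 ] || { echo "acl: no rules given" >&2; return 1; }
    json=""
    key_scoped=0
    for rule in "$@"; do
        case "$rule" in
            ""|*\"*|*\\*|*" "*)
                # Quotes, backslashes and spaces would need JSON escaping.
                echo "acl: malformed rule: $rule" >&2; return 1 ;;
            "+@all"|allcommands|"+@admin"|"+@dangerous"|nopass)
                echo "acl: too broad for a temporary user: $rule" >&2; return 1 ;;
            "~*"|allkeys|"%R~*"|"%W~*"|"%RW~*")
                echo "acl: key pattern matches every key: $rule" >&2; return 1 ;;
            "~"?*|"%R~"?*|"%W~"?*|"%RW~"?*)
                key_scoped=1 ;;
        esac
        json="${json:+$json,}\"$rule\""
    done
    # Without any key pattern the generated user could not reach any key.
    [ "$key_scoped" -eq 1 ] || { echo "acl: no key pattern given" >&2; return 1; }
    printf '[%s]\n' "$json"
}

# Constructed sample: read-only access to a single key prefix.
# The command is only printed here, not executed.
if rules=$(acl_rules_json '~app:cache:*' '+@read'); then
    printf "akeyless gateway-update-producer-redis --name '<Producer name>' --acl-rules '%s'\n" "$rules"
fi
```

Because the helper exits non-zero on a rejected rule, it can gate the update command in a deployment script.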

gateway-delete-producer

Deletes producer in the current account

Usage
akeyless gateway-delete-producer \
--name <Producer name> \
--gateway-url <API Gateway URL:8000> 
Flags

-n, --name: Required, Producer name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

gateway-get-producer

Get details of a producer from the current account

Usage
akeyless gateway-get-producer \
--name <Producer name> \
--gateway-url <API Gateway URL:8000>
Flags

-n, --name: Required, Producer name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

gateway-get-producer-tmp-creds

Get producer temporary credentials list

Usage
akeyless gateway-get-producer-tmp-creds \
--name <Producer name> \
--gateway-url <API Gateway URL:8000>
Flags

-n, --name: Required, Producer name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

gateway-list-producers

List available producers

Flags

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

gateway-revoke-producer-tmp-creds

Revoke producer temporary credentials

Usage
akeyless gateway-revoke-producer-tmp-creds \
--name <Producer name> \
--tmp-creds-id <Temp Creds ID> \
--revoke-all <Revoke All Temp Creds> \
--gateway-url <API Gateway URL:8000> \
--soft-delete <Use soft-delete> \
--host <Host>
Flags

-n, --name: Required, Producer name

--tmp-creds-id: Temp Creds ID

--revoke-all: Revoke All Temp Creds

-u, --gateway-url: API Gateway URL (Configuration Management port)

--soft-delete: Use soft delete

--host: Host

set-item-state

Set an item's state (Enabled, Disabled)

Usage
akeyless set-item-state \
--name <Producer name> \
--gateway-url <API Gateway URL:8000> \
--desired-state <Desired item state: Enabled or Disabled>
Flags

-n, --name: Required, Producer name

-s, --desired-state: Required, Desired item state [Enabled, Disabled]

-u, --gateway-url: API Gateway URL (Configuration Management port)

--version[=0]: The specific version you want to update: 0=item level state (default) (relevant only for keys)