CLI Reference - Akeyless Producers

gateway-create-producer-artifactory

Creates Artifactory producer.

Parameters

Parameter

Mandatory

Description

-b, --base-url

**Y**

Artifactory REST URL, must end with artifactory postfix.

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

-s, --artifactory-token-scope

**Y**

Token scope provided as a space-separated list, for example: member-of-groups:readers.

-a, --artifactory-token-audience

**Y**

A space-separated list of the other Artifactory instances or services that should accept this token., for example: [email protected]* .

--target-name

A name of the existing target to use in producer creation.

-r, --artifactory-admin-name

Admin name.

-p, --artifactory-admin-pwd

Admin API Key/Password.

-u, --gateway-url

API Gateway URL (by default: http://localhost:8000).

-t, --tag

A list of tags attached to this secret. To specify multiple tags, use this parameter multiple times: -t Tag1 -t Tag2.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

gateway-create-producer-aws

Creates AWS producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--aws-access-mode

The types of credentials to retrieve from AWS. Options:[iam_user,assume_role].

--aws-access-key-id

Access Key ID.

--aws-access-secret-key

Access Secret Key.

--aws-region[=us-east-2]

AWS region.

--aws-user-policies

Policy ARN(s). Multiple values should be separated by a comma.

---aws-user-groups

UserGroup name(s). Multiple values should be separated by a comma.

--aws-role-arns

AWS Role ARNs to be used in the Assume Role operation. Multiple values should be separated by a comma.

--aws-user-console-access[=false]

Enable AWS User console access.

--aws-user-programmatic-access[=true]

Enable AWS User programmatic access

--producer-encryption-key-name

Encrypt the producer with the following key.

--user-ttl[=60m]

User TTL.

--admin-creds-rotation[=false]

Enable automatic admin credentials rotation.

--admin-creds-rotation-interval[=0]

Admin credentials rotation interval (days).

gateway-create-producer-azure

Creates Azure AD producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (with the configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

--azure-tenant-id

Azure Tenant ID.

--azure-client-id

Azure Client ID (Application ID).

--azure-client-secret

Azure AD Client Secret.

--azure-user-portal-access[=false]

Enable Azure AD user portal access.

--azure-user-programmatic-access[=true]

Enable Azure AD user programmatic access.

--azure-app-obj-id

Azure App Object ID (required if selected programmatic access)

--azure-user-principal-name

Azure AD User Principal Name (required if selected Portal access).

--azure-user-group-obj-id

Azure AD User Group Object ID (required if selected Portal access).

--azure-user-role-template-id

Azure AD User Role Template ID (required if selected Portal access).

--fixed-user-only[=false]

Allow access using externally (IdP) provided username.

--fixed-user-claim-keyname

For externally provided users, denotes the key-name of IdP claim to extract username.

--secure-access-enable

Enable/Disable secure remote access, [true/false].

--secure-access-web-browsing[=false]

Secure browser via Akeyless Web Access Bastion.

--secure-access-web-proxy[=false]

Web-Proxy via Akeyless Web Access Bastion.

--secure-access-web[=true]

Enable Web Secure Remote Access.

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token</code

The universal identity token. It is required only for universal_identity authentication.

gateway-create-producer-eks

Creates Amazon Elastic Kubernetes Service (Amazon EKS) producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret

--eks-cluster-name

**Y**

EKS cluster name. Must match the EKS cluster name you want to connect to

--eks-cluster-endpoint

**Y**

EKS Cluster endpoint. https:// , <DNS / IP> of the cluster.

--eks-cluster-ca-cert

**Y**

EKS Cluster certificate. Base 64 encoded certificate.

--eks-access-key-id

EKS Access Key ID.

--eks-secret-access-key

EKS Secret Access Key.

--eks-region[=us-east-2]

EKS Region.

--eks-assume-role

Role ARN. Role to assume when connecting to the EKS cluster.

--producer-encryption-key-name

Encrypt the producer with the following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-gke

Creates Google Kubernetes Engine (GKE) producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--gke-account-email

**Y**

GKE service account email.

--gke-account-key-file-path

**Y**

File path to GKE Service Account Key. File path to RSA private key generated for this account to access.

--gke-cluster-endpoint

**Y**

GKE Cluster endpoint. https:// , <DNS / IP> of the cluster.

--gke-cluster-ca-cert

**Y**

GKE Cluster certificate. Base 64 encoded certificate.

--gke-cluster-name

GKE Cluster name.

--producer-encryption-key-name

Encrypt the producer with the following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-gcp

Creates Google Cloud Provider (GCP) producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--gcp-sa-email

**Y**

GCP service account email.

--gcp-cred-type[=token]

**Y**

Credentials type, options are [token, key].

--gcp-key-file-path

Path to file with the Base64-encoded service account private key.

--gcp-key

Base64-encoded service account private key text.

--gcp-token-scopes

Access token scopes list, e.g. scope1,scope2.

--gcp-key-algo

Service account key algorithm, e.g. KEY_ALG_RSA_1024.

--user-ttl[=60m]

User TTL (<=60m for access token).

--producer-encryption-key-name

Dynamic producer encryption key

--profile

Use a specific profile from your akeyless/profiles/ folder.

--username

Required only when the authentication process requires a username and password.

--password

Required only when the authentication process requires a username and password.

--uid-token

The universal identity token, Required only for universal_identity authentication.

gateway-create-producer-cassandra

Creates a Cassandra producer.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Producer name

--target-name

Target name

--cassandra-hosts

Cassandra hosts names or IP addresses, comma separated

--cassandra-username

Cassandra superuser user name

--cassandra-password

Cassandra superuser password

--cassandra-port[=9042]

Cassandra port

-u, --gateway-url[=http://localhost:8000]

API Gateway URL (Configuration Management port)

-cassandra-statements[=CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN = true; GRANT SELECT ON ALL KEYSPACES TO '{{username}}';]

Cassandra Creation Statements

--user-ttl[=60m]

User TTL (<=60m for access token)

-t, --tag

List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--producer-encryption-key-name

Dynamic producer encryption key

--delete-protection

Protection from accidental deletion of this item, [true/false]

gateway-create-producer-hanadb

Creates a HanaDB producer.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Producer name

--target-name

Name of existing target to use in producer creation

-d, --hana-dbname

Hana DB Name

-u, --gateway-url[=http://localhost:8000]

API Gateway URL (Configuration Management port)

--hanadb-username

HanaDB user

--hanadb-password

HanaDB password

--hanadb-host[=127.0.0.1]

HanaDB host name

--hanadb-port[=443]

HanaDB port

--hanadb-creation-statements[=CREATE USER {{name}} PASSWORD "{{password}}"; GRANT "MONITOR ADMIN" TO {{name}};]

HanaDB Creation Statements

--hanadb-revocation-statements[=DROP USER {{name}};]

HanaDB Revocation Statements

--producer-encryption-key-name

Encrypt producer with following key

--user-ttl[=60m]

User TTL

-t, --tag

List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--secure-access-enable

Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer

Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host

Target DB servers for connections., For multiple values repeat this flag.

--secure-access-db-schema

The db schema

--secure-access-web[=false]

Enable Web Secure Remote Access

--delete-protection

Protection from accidental deletion of this item, [true/false]

gateway-create-producer-oracle

Creates an Oracle producer.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Producer name

--target-name

Name of existing target to use in producer creation

-d, --oracle-service-name

Oracle service name

-u, --gateway-url[=http://localhost:8000]

API Gateway URL (Configuration Management port)

--oracle-username

Oracle user

--oracle-password

Oracle password

--oracle-host[=127.0.0.1]

Oracle hostname

--oracle-port[=1521]

Oracle port

--oracle-statements

Oracle Creation Statements

--producer-encryption-key-name

Encrypt producer with following key

--user-ttl[=60m

User TTL

-t, --tag

List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--db-server-certificates

the set of root certificate authorities in base64 encoding that clients use when verifying server certificates

--db-server-name

Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address

--secure-access-enable[=false]

Enable/Disable secure remote access, [true/false]

--secure-access-bastion-issuer

Path to the SSH Certificate Issuer for your Akeyless Bastion

--secure-access-host

Target DB servers for connections., For multiple values repeat this flag.

--secure-access-web[=false]

Enable Web Secure Remote Access

--delete-protection

Protection from accidental deletion of this item, [true/false]

gateway-create-producer-redshift

Creates a Redshift producer.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

Producer name

--target-name

Name of existing target to use in producer creation

--redshift-db-name

Redshift DB name

-u, --gateway-url[=http://localhost:8000]

Gateway url

--redshift-username

redshiftL user

--redshift-password

Redshift password

--redshift-host[=127.0.0.1]

Redshift host name

--redshift-port[=5439]

Redshift port

--redshift-statements[=CREATE USER "{{username}}" WITH PASSWORD '{{password}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{username}}";]

Redshift Creation Statements

--ssl[=false]

SSL [true/false]

--enc-key-name

Encrypt producer with following key

--user-ttl[=60m]

User TTL

--secure-access-enable

Enable/Disable secure remote access, [true/false]

--secure-access-host

Target DB servers for connections., For multiple values repeat this flag.

-t, --tag

List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2

--delete-protection

Protection from accidental deletion of this item, [true/false]

gateway-create-producer-mongo

Creates a MongoDB/MongoDB Atlas producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (configuration management port).

-n, --name

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--mongodb-roles[=[]]

MongoDB roles (e.g. MongoDB:[{"role":"readWrite", "db": "sales"}], MongoDB Atlas:[{"roleName" : "readWrite", "databaseName": "sales"}]).

--mongodb-server-uri

MongoDB server uri (e.g. mongodb://akeyless:[email protected]:27017/admin?replicaSet=mySet.

--mongodb-username

MongoDB server username.

--mongodb-password

MongoDB server password.

--mongodb-host-port

host:port (e.g. 1.2.3.4:8089).

--mongodb-default-auth-db

MongoDB server default authentication database.

--mongodb-uri-options

MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB).

--mongodb-atlas-project-id

MongoDB Atlas project ID.

--mongodb-atlas-api-public-key

MongoDB Atlas public key.

--mongodb-atlas-api-private-key

MongoDB Atlas private key.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-mssql

Creates Microsoft SQL Server.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (configuration management port).

-n, --name

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--mssql-dbname

MSSQL Server DB Name.

--mssql-username

MS SQL Server user.

--mssql-password

MS SQL Server password.

--mssql-host[=127.0.0.1]

MS SQL Server host name.

--mssql-port[=1433]

MS SQL Server port.

--mssql-creation-statements[=CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';]

MSSQL Server Creation Statements.

--mssql-revocation-statements[=DROP LOGIN [{{name}}];]

MSSQL Server Revocation Statements.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-mysql

Create MySQL producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (configuration management port).

-n, --name

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--mysql-dbname

MySQL DB name.

--mysql-username

MySQL user.

--mysql-password

MySQL password.

--mysql-host[=127.0.0.1]

MySQL host name.

--mysql-port[=3306]

MySQL port.

--mysql-statements

MySQL Creation Statements.

--db-server-certificates

The set of root certificate authorities in base64 encoding that clients use when verifying server certificates.

--db-server-name

Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-postgresql

Creates PostgreSQL producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

The URL of your Akeyless Gateway (configuration management port).

-n, --name

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--postgresql-db-name

PostgreSQL DB name.

--postgresql-username

PostgreSQL user.

--postgresql-password

PostgreSQL password.

--postgresql-host[=127.0.0.1]

PostgreSQL host name.

--postgresql-port[=5432]

PostgreSQL port.

--postgresql-statements[=CREATE USER "{{name}}" WITH PASSWORD '{{password}}' VALID UNTIL '2022-01-01';GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{name}}";GRANT CONNECT ON DATABASE postgres TO "{{name}}";GRANT USAGE ON SCHEMA public TO "{{name}}";]

PostgreSQL Creation Statements.

--enc-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-rabbitmq

Creates RabbitMQ producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--rabbitmq-server-uri

**Y**

RabbitMQ server URI.

--rabbitmq-user-conf-permission

**Y**

User configuration permission, for example:[.*,queue-name].

--rabbitmq-user-write-permission

**Y**

User write permission, for example:[.*,queue-name].

--rabbitmq-user-read-permission

**Y**

User read permission, for example:[.*,queue-name].

--rabbitmq-admin-user

RabbitMQ server user.

--rabbitmq-admin-pwd

RabbitMQ server password.

--rabbitmq-user-vhost

User Virtual Host.

--rabbitmq-user-tags

Comma-separated list of tags to apply to user.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-rdp

Creates an RDP dynamic secret.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--rdp-user-groups

**Y**

A comma-separated list of the RDP user group(s) to which new users should be added.

--rdp-host-name

**Y**

The hostname or IP address of the target Windows server.

--rdp-admin-name

The username of an administrator user with sufficient permissions to create users, groups, and so on.

--rdp-admin-pwd

The administrator user password.

--rdp-host-port[=22]

The SSH port for the connection, by default 22.

--fixed-user-only[=false]

Define as true to create the same user each time the secret is requested.

--producer-encryption-key-name

The encryption key with which to encrypt the dynamic secret (if your system includes multiple encryption keys).

--user-ttl[=60m]

The length of time for which the credentials generated by the dynamic secret are valid.

gateway-create-producer-snowflake

Creates a dynamic secret that generates access credentials for Snowflake.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

Name of the existing target to use in producer creation.

--account

**Y**

The Snowflake account name in xy12345.region.cloud_provider format.

--db-name

**Y**

The name of the target Snowflake database.

--role

The Snowflake role to be assigned to temporary users.

--warehouse

The name of the target Snowflake warehouse.

--user-ttl

The length of time for which the credentials generated by the dynamic secret are valid, by default 60 (minutes).

--profile

The specific Akeyless profile to use to execute the command.

--account-username

The username for a Snowflake user administrator (with the USERADMIN role or higher).

--account-password

The password for the Snowflake user administrator account.

--uid-token

The universal identity token. This value is only required if you use universal_identity authentication.

-t, --tag

List of the tags attached to this secret. To specify multiple tags, use the argument multiple times: -t Tag1 -t Tag2.

--delete-protection

Protection from accidental deletion of this item, [true/false].

gateway-create-producer-venafi

Creates a Venafi dynamic secret.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--venafi-api-key

**Y**

Venafi API key.

--venafi-zone

**Y**

Venafi Zone.

--creating-cert-using-pki

Creating certificates using Akeyless PKI.

--root-first-in-chain

Root chain.

--store-private-key

Store private key in Akeyless.

--auto-generated-folder

Auto generated folder.

--issuer-name

Issuer name.

--signer-key-name

Signer key name.

--allowed-domains

Allowed domains.

--allow-subdomains

Allow subdomains.

--admin-creds-rotation[=false]

Enable automatic admin credentials rotation.

--admin-creds-rotation-interval[=0]

Admin credentials rotation interval (days).

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

gateway-create-producer-ldap

Creates an LDAP dynamic secret.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

-u, --gateway-url[=http://localhost:8000]

The URL of your Akeyless Gateway (with the configuration management port).

--ldap-url

LDAP Server URL.

--user-dn

User Base DN.

--user-attribute

LDAP User Attribute.

-t, --ldap-ca-cert

LDAP base64-encoded CA Certificate.

--bind-dn

LDAP Bind DN.

--bind-dn-password

Password for LDAP Bind DN.

--external-username[=false]

Externally provided username.

--token-expiration

LDAP token expiration in seconds.

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for the universal_identity authentication.

gateway-create-producer-github

Creates a GitHub dynamic secret.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

-u, --gateway-url[=http://localhost:8000]

The URL of your Akeyless Gateway (with the configuration management port).

--installation-id

GitHub application installation ID.

--installation-repository

Instead of installation ID, set a GitHub repository '/'.

--github-app-id

GitHub application ID.

--github-app-private-key

GitHub application private key (base64-encoded key).

--github-base-url[=https://api.github.com/]

GitHub base URL.

-p, --token-permissions

Tokens allowed permissions. By default, uses installation permissions. Input format: key=value pairs or JSON strings, e.g - "-p contents=read -p issues=write" or -p '{"content":"read"}'

-r, --token-repositories

Tokens allowed repositories. By default, uses installation repositories. To specify multiple repositories, use the argument multiple times: -r RepoName1 -r RepoName2 .

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for the universal_identity authentication.

gateway-create-producer-dockerhub

Creates a Docker Hub dynamic secret.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

-u, --gateway-url[=http://localhost:8000]

The URL of your Akeyless Gateway (with the configuration management port).

--dockerhub-username

A username for docker repository.

--dockerhub-password

A password for docker repository.

--dockerhub-token-scopes

A comma-separated access token scopes list to give the created dynamic secret. Valid options are in 'repo:admin', 'repo:write', 'repo:read', 'repo:public_read'.

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for the universal_identity authentication.

gateway-create-producer-k8s

Creates a generic Kubernetes dynamic secret.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

-u, --gateway-url[=http://localhost:8000]

The URL of your Akeyless Gateway (with the configuration management port).

-e, --k8s-cluster-endpoint

K8S Cluster endpoint. https:// , <DNS / IP> of the cluster.

-c, --k8s-cluster-ca-cert

K8S Cluster certificate. Base 64 encoded certificate.

-t, --k8s-cluster-token

K8S Cluster authentication token.

-s, --k8s-service-account

K8S ServiceAccount to extract token from.

--k8s-namespace[=default]

K8S Namespace where the ServiceAccount exists.

--secure-access-enable

Enable/Disable secure remote access, [true/false].

--secure-access-cluster-endpoint

The K8s cluster endpoint

--secure-access-dashboard-url

The K8s dashboard url

--secure-access-allow-port-forwading

Enable Port forwarding while using CLI access.

--secure-access-bastion-issuer

Path to the SSH Certificate Issuer for your Akeyless Bastion.

--secure-access-web-browsing[=false]

Secure browser via Akeyless Web Access Bastion

--secure-access-web-proxy[=false]

Web-Proxy via Akeyless Web Access Bastion.

--secure-access-web[=false]

Enable Web Secure Remote Access.

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

gateway-create-producer-chef

Creates a Chef Infra dynamic secret.

Parameters

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--target-name

A name of the existing target to use in the dynamic secret creation.

-u, --gateway-url[=http://localhost:8000]

The URL of your Akeyless Gateway (with the configuration management port).

-c, --chef-server-username

Chef server username.

-y, --chef-server-key

Chef server key.

-s, --chef-server-url

Chef server URL.

-g, --chef-orgs

Chef organizations.

--skip-ssl[=true]

Skip SSL.

--producer-encryption-key-name

Encrypt dynamic secret with the following key.

--user-ttl[=60m]

User TTL.

--tag

A list of tags attached to this secret. To specify multiple tags use the argument multiple times: --tag Tag1 --tag Tag2 .

--delete-protection

Protection from accidental deletion of this item, [true/false].

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

gateway-create-producer-custom

Creates a custom webhook-based dynamic secret.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

The URL of your Akeyless Gateway (configuration management port).

-n, --name

**Y**

A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.

--create-sync-url

**Y**

URL of an endpoint that implements /sync/create method.

--revoke-sync-url

**Y**

URL of an endpoint that implements /sync/revoke method.

--producer-encryption-key-name

Encrypt producer with following key.

--user-ttl[=60m]

User TTL.

--payload

Secret payload to be sent with each create/revoke webhook request.

--timeout-sec[=60]

Maximum allowed time in seconds for the webhook to return the results.

--username

Required only when the authentication process requires a username and password.

--password

Required only when the authentication process requires a username and password.

--uid-token

The universal identity token, Required only for universal_identity authentication.

gateway-delete-producer

Deletes producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

gateway-get-producer

Return producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

gateway-get-producer-tmp-creds

Return producer temporary credentials list.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

gateway-list-producers

Return available producers.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

gateway-revoke-producer-tmp-creds

Revoke producer temporary credentials.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

--tmp-creds-id

Temp Creds ID.

--soft-delete

Use soft delete.

--host

Host.

gateway-start-producer

Starts producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

gateway-stop-producer

Stops producer.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

gateway-update-producer-tmp-creds

Update ttl of producer temporary credentials.

Parameters

Parameter

Mandatory

Description

-u, --gateway-url

**Y**

Akeyless Gateway URL (by default: http://localhost:8000).

-n, --name

**Y**

Producer name.

--tmp-creds-id

Temp Creds ID.

--new-ttl-min

New TTL in Minutes.


Did this page help you?