CLI Reference - Akeyless Producers

gateway-create-producer-artifactory

Creates Artifactory producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `--base-url` | **Y** | Artifactory REST URL, must end with artifactory postfix. |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--artifactory-token-scope` | **Y** | Token scope provided as a space-separated list, for example: member-of-groups:readers. |
| `--artifactory-token-audience` | **Y** | A space-separated list of the other Artifactory instances or services that should accept this token, for example: [email protected]*. |
| `--artifactory-admin-name` | | Admin name. |
| `--artifactory-admin-pwd` | | Admin API Key/Password. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-aws

Creates AWS producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--aws-access-mode` | | The types of credentials to retrieve from AWS. Options: [iam_user, assume_role]. |
| `--aws-access-key-id` | | Access Key ID. |
| `--aws-access-secret-key` | | Access Secret Key. |
| `--aws-region[=us-east-2]` | | AWS region. |
| `--aws-user-policies` | | Policy ARN(s). Multiple values should be separated by a comma. |
| `--aws-user-groups` | | UserGroup name(s). Multiple values should be separated by a comma. |
| `--aws-role-arns` | | AWS Role ARNs to be used in the Assume Role operation. Multiple values should be separated by a comma. |
| `--aws-user-console-access[=false]` | | Enable AWS User console access. |
| `--aws-user-programmatic-access[=true]` | | Enable AWS User programmatic access. |
| `--producer-encryption-key-name` | | Encrypt the producer with the following key. |
| `--user-ttl[=60m]` | | User TTL. |
| `--admin-creds-rotation[=false]` | | Enable automatic admin credentials rotation. |
| `--admin-creds-rotation-interval[=0]` | | Admin credentials rotation interval (days). |

gateway-create-producer-azure

Creates Azure AD producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--azure-tenant-id` | | Azure Tenant ID. |
| `--azure-client-id` | | Azure Client ID (Application ID). |
| `--azure-client-secret` | | Azure AD Client Secret. |
| `--azure-user-portal-access[=false]` | | Enable Azure AD user portal access. |
| `--azure-user-programmatic-access[=true]` | | Enable Azure AD user programmatic access. |
| `--azure-app-obj-id` | | Azure App Object ID (required if selected programmatic access). |
| `--azure-user-principal-name` | | Azure AD User Principal Name (required if selected Portal access). |
| `--azure-user-group-obj-id` | | Azure AD User Group Object ID (required if selected Portal access). |
| `--azure-user-role-template-id` | | Azure AD User Role Template ID (required if selected Portal access). |

gateway-create-producer-eks

Creates Amazon Elastic Kubernetes Service (Amazon EKS) producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--eks-cluster-name` | **Y** | EKS cluster name. Must match the EKS cluster name you want to connect to. |
| `--eks-cluster-endpoint` | **Y** | EKS Cluster endpoint. https:// , <DNS / IP> of the cluster. |
| `--eks-cluster-ca-cert` | **Y** | EKS Cluster certificate. Base 64 encoded certificate. |
| `--eks-access-key-id` | | EKS Access Key ID. |
| `--eks-secret-access-key` | | EKS Secret Access Key. |
| `--eks-region[=us-east-2]` | | EKS Region. |
| `--eks-assume-role` | | Role ARN. Role to assume when connecting to the EKS cluster. |
| `--producer-encryption-key-name` | | Encrypt the producer with the following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-gke

Creates Google Kubernetes Engine (GKE) producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--gke-account-email` | **Y** | GKE service account email. |
| `--gke-account-key-file-path` | **Y** | File path to GKE Service Account Key. File path to RSA private key generated for this account to access. |
| `--gke-cluster-endpoint` | **Y** | GKE Cluster endpoint. https:// , <DNS / IP> of the cluster. |
| `--gke-cluster-ca-cert` | **Y** | GKE Cluster certificate. Base 64 encoded certificate. |
| `--gke-cluster-name` | | GKE Cluster name. |
| `--producer-encryption-key-name` | | Encrypt the producer with the following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-gcp

Creates Google Cloud Provider (GCP) producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--gcp-sa-email` | **Y** | GCP service account email. |
| `--gcp-cred-type[=token]` | **Y** | Credentials type, options are [token, key]. |
| `--gcp-key-file-path` | | Path to file with the Base64-encoded service account private key. |
| `--gcp-key` | | Base64-encoded service account private key text. |
| `--gcp-token-scopes` | | Access token scopes list, e.g. scope1,scope2. |
| `--gcp-key-algo` | | Service account key algorithm, e.g. KEY_ALG_RSA_1024. |
| `--user-ttl[=60m]` | | User TTL (<=60m for access token). |
| `--producer-encryption-key-name` | | Dynamic producer encryption key. |
| `--profile` | | Use a specific profile from your akeyless/profiles/ folder. |
| `--username` | | Required only when the authentication process requires a username and password. |
| `--password` | | Required only when the authentication process requires a username and password. |
| `--uid-token` | | The universal identity token. Required only for universal_identity authentication. |

gateway-create-producer-mongo

Creates a MongoDB/MongoDB Atlas producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--mongodb-roles[=[]]` | | MongoDB roles (e.g. MongoDB:[{"role":"readWrite", "db": "sales"}], MongoDB Atlas:[{"roleName" : "readWrite", "databaseName": "sales"}]). |
| `--mongodb-server-uri` | | MongoDB server URI (e.g. mongodb://akeyless:[email protected]:27017/admin?replicaSet=mySet). |
| `--mongodb-username` | | MongoDB server username. |
| `--mongodb-password` | | MongoDB server password. |
| `--mongodb-host-port` | | host:port (e.g. 1.2.3.4:8089). |
| `--mongodb-default-auth-db` | | MongoDB server default authentication database. |
| `--mongodb-uri-options` | | MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB). |
| `--mongodb-atlas-project-id` | | MongoDB Atlas project ID. |
| `--mongodb-atlas-api-public-key` | | MongoDB Atlas public key. |
| `--mongodb-atlas-api-private-key` | | MongoDB Atlas private key. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-mssql

Creates Microsoft SQL Server producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--mssql-dbname` | | MSSQL Server DB Name. |
| `--mssql-username` | | MS SQL Server user. |
| `--mssql-password` | | MS SQL Server password. |
| `--mssql-host[=127.0.0.1]` | | MS SQL Server host name. |
| `--mssql-port[=1433]` | | MS SQL Server port. |
| `--mssql-creation-statements[=CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';]` | | MSSQL Server Creation Statements. |
| `--mssql-revocation-statements[=DROP LOGIN [{{name}}];]` | | MSSQL Server Revocation Statements. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-mysql

Creates MySQL producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--mysql-dbname` | | MySQL DB name. |
| `--mysql-username` | | MySQL user. |
| `--mysql-password` | | MySQL password. |
| `--mysql-host[=127.0.0.1]` | | MySQL host name. |
| `--mysql-port[=3306]` | | MySQL port. |
| `--mysql-statements` | | MySQL Creation Statements. |
| `--db-server-certificates` | | The set of root certificate authorities in base64 encoding that clients use when verifying server certificates. |
| `--db-server-name` | | Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-postgresql

Creates PostgreSQL producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--postgresql-db-name` | | PostgreSQL DB name. |
| `--postgresql-username` | | PostgreSQL user. |
| `--postgresql-password` | | PostgreSQL password. |
| `--postgresql-host[=127.0.0.1]` | | PostgreSQL host name. |
| `--postgresql-port[=5432]` | | PostgreSQL port. |
| `--postgresql-statements[=CREATE USER "{{name}}" WITH PASSWORD '{{password}}' VALID UNTIL '2022-01-01';GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{name}}";GRANT CONNECT ON DATABASE postgres TO "{{name}}";GRANT USAGE ON SCHEMA public TO "{{name}}";]` | | PostgreSQL Creation Statements. |
| `--enc-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-rabbitmq

Creates RabbitMQ producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--rabbitmq-server-uri` | **Y** | RabbitMQ server URI. |
| `--rabbitmq-user-conf-permission` | **Y** | User configuration permission, for example: [.*,queue-name]. |
| `--rabbitmq-user-write-permission` | **Y** | User write permission, for example: [.*,queue-name]. |
| `--rabbitmq-user-read-permission` | **Y** | User read permission, for example: [.*,queue-name]. |
| `--rabbitmq-admin-user` | | RabbitMQ server user. |
| `--rabbitmq-admin-pwd` | | RabbitMQ server password. |
| `--rabbitmq-user-vhost` | | User Virtual Host. |
| `--rabbitmq-user-tags` | | Comma-separated list of tags to apply to user. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-rdp

Creates an RDP dynamic secret.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--rdp-user-groups` | **Y** | A comma-separated list of the RDP user group(s) to which new users should be added. |
| `--rdp-host-name` | **Y** | The hostname or IP address of the target Windows server. |
| `--rdp-admin-name` | | The username of an administrator user with sufficient permissions to create users, groups, and so on. |
| `--rdp-admin-pwd` | | The administrator user password. |
| `--rdp-host-port[=22]` | | The SSH port for the connection, by default 22. |
| `--fixed-user-only[=false]` | | Define as true to create the same user each time the secret is requested. |
| `--producer-encryption-key-name` | | The encryption key with which to encrypt the dynamic secret (if your system includes multiple encryption keys). |
| `--user-ttl[=60m]` | | The length of time for which the credentials generated by the dynamic secret are valid. |

gateway-create-producer-snowflake

Creates a dynamic secret that generates access credentials for Snowflake.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--account` | **Y** | The Snowflake account name in xy12345.region.cloud_provider format. |
| `--db-name` | **Y** | The name of the target Snowflake database. |
| `--role` | | The Snowflake role to be assigned to temporary users. |
| `--warehouse` | | The name of the target Snowflake warehouse. |
| `--user-ttl` | | The length of time for which the credentials generated by the dynamic secret are valid, by default 60 (minutes). |
| `--profile` | | The specific Akeyless profile to use to execute the command. |
| `--username` | | The username for a Snowflake user administrator (with the USERADMIN role or higher). |
| `--password` | | The password for the Snowflake user administrator account. |
| `--uid-token` | | The universal identity token. This value is only required if you use universal_identity authentication. |

gateway-create-producer-venafi

Creates Venafi producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--venafi-api-key` | **Y** | Venafi API key. |
| `--venafi-zone` | **Y** | Venafi Zone. |
| `--creating-cert-using-pki` | | Creating certificates using Akeyless PKI. |
| `--root-first-in-chain` | | Root chain. |
| `--store-private-key` | | Store private key in Akeyless. |
| `--auto-generated-folder` | | Auto generated folder. |
| `--issuer-name` | | Issuer name. |
| `--signer-key-name` | | Signer key name. |
| `--allowed-domains` | | Allowed domains. |
| `--allow-subdomains` | | Allow subdomains. |
| `--admin-creds-rotation[=false]` | | Enable automatic admin credentials rotation. |
| `--admin-creds-rotation-interval[=0]` | | Admin credentials rotation interval (days). |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |

gateway-create-producer-custom

Creates a custom webhook based dynamic secret producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url` | **Y** | The URL of your Akeyless Gateway (configuration management port). |
| `-n, --name` | **Y** | A unique name for the dynamic secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. |
| `--create-sync-url` | **Y** | URL of an endpoint that implements /sync/create method. |
| `--revoke-sync-url` | **Y** | URL of an endpoint that implements /sync/revoke method. |
| `--producer-encryption-key-name` | | Encrypt producer with following key. |
| `--user-ttl[=60m]` | | User TTL. |
| `--payload` | | Secret payload to be sent with each create/revoke webhook request. |
| `--timeout-sec[=60]` | | Maximum allowed time in seconds for the webhook to return the results. |
| `--username` | | Required only when the authentication process requires a username and password. |
| `--password` | | Required only when the authentication process requires a username and password. |
| `--uid-token` | | The universal identity token. Required only for universal_identity authentication. |

gateway-delete-producer

Deletes producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |

gateway-get-producer

Return producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |

gateway-get-producer-tmp-creds

Return producer temporary credentials list.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |

gateway-list-producers

Return available producers.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |

gateway-revoke-producer-tmp-creds

Revoke producer temporary credentials.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |
| `--tmp-creds-id` | | Temp Creds ID. |
| `--soft-delete` | | Use soft delete. |
| `--host` | | Host. |

gateway-start-producer

Starts producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |

gateway-stop-producer

Stops producer.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |

gateway-update-producer-tmp-creds

Updates the TTL of producer temporary credentials.

Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| `-u, --gateway-url[=http://localhost:8000]` | **Y** | Akeyless Gateway URL (Configuration Management port). |
| `-n, --name` | **Y** | Producer name. |
| `--tmp-creds-id` | | Temp Creds ID. |
| `--new-ttl-min` | | New TTL in Minutes. |

