CLI Reference - Akeyless Targets

📘

NOTE

Looking for a specific command? Use the Table of Contents on the right. ===>

Managing Targets

assoc-target-item

Create an association between target and item.

Parameters

Parameter

Mandatory

Description

-t, --target-name

**Y**

The target to associate.

-n, --name

**Y**

The item to associate.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-assoc-target-item

Delete an association between target and item

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of a target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--id, --assoc-id

The association id to be deleted. Not required if target name is specified.

-t, --target-name

The target name with which association will be deleted.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-target

Delete a target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be deleted. The name can include the path to the virtual folder in which you created the target, using slash / separators.

-v, --target-version

Target version.

--force-deletion[=false]

Delete target even if it has associated items.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-targets

Delete multiple targets from a given path

Parameters

Parameter

Mandatory

Description

-p, --path

**Y**

Path to delete the targets from.

--force-deletion[=false]

Delete target even if it has associated items.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

get-target

Get target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--show-versions[=false]

Include all target versions in reply.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

get-target-details

Get target details

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

-v, --target-version

Target version

--show-versions[=false]

Include all target versions in reply.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

list-targets

Returns a list of all targets in the account.

Parameters

Parameter

Mandatory

Description

--filter

Filter by the target name or a part of it.

--pagination-token

Next page reference.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Creating Targets

create-aws-target

Creates a new AWS target.

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

access-key-id

**Y**

AWS access key ID.

--access-key

AWS secret access key.

--region [=us-east-2]

AWS region.

--session-token

Required only for temporary security credentials retrieved using STS.

-i, --use-gw-cloud-identity

Use the GW's Cloud IAM.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--comment

A comment about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-azure-target

Creates a new Azure target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--client-id

Azure client/application id.

--tenant-id

Azure tenant id.

--client-secret

Azure client secret.

-i, --use-gw-cloud-identity

Use the GW's Cloud IAM.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

--comment

A comment about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-db-target

Creates a new DB target

Parameters for MSSQL, Redshift

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--db-name

**Y**

Database name.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for MySQL, PostgreSQL, SAP HanaDB

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--db-name

**Y**

Database name.

--ssl[=false]

Enables/disables SSL.

--ssl-certificate

SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA).

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--db-server-certificates

For MySQL: Set of root certificate authorities in base64 encoding used by clients to verify server certificates.

--db-server-name

For MySQL: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for MongoDB

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--mongodb-username

**Y**

Privilege database user name with sufficient rights to create users.

--mongodb-password

**Y**

Password of the database privilege user name.

--mongodb-host-port

**Y**

Target database host name or IP address with port.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--mongodb-default-auth-db

MongoDB server default authentication database.

--mongodb-server-uri

MongoDB server URI (e.g. mongodb://akeyless:[email protected]:27017/admin?replicaSet=mySet .

--mongodb-uri-options

MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB).

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Mongo Atlas

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--mongodb-atlas

**Y**

Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target.

--mongodb-atlas-project-id

**Y**

MongoDB Atlas project ID.

--db-name

**Y**

Database name.

--mongodb-atlas-api-public-key

**Y**

MongoDB Atlas public key.

--mongodb-atlas-api-private-key

**Y**

MongoDB Atlas private key

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Oracle DB

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database username.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--oracle-service-name

**Y**

Oracle service name.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is us

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Snowflake

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--snowflake-account

**Y**

Snowflake account name.

--user-name

**Y**

Snowflake account user name.

--pwd

**Y**

Snowflake account password.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Cassandra

Parameter

Mandatory

Description

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-eks-target

Creates a new EKS target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--eks-cluster-name

**Y**

EKS cluster name.

--eks-cluster-endpoint

**Y**

EKS cluster endpoint (i.e., https://<IP> of the cluster).

--eks-cluster-ca-cert

**Y**

EKS cluster base-64 encoded certificate.

--eks-access-key-id

**Y**

EKS access key ID.

--eks-secret-access-key

**Y**

EKS secret access key.

--eks-region[=us-east-2]

**Y**

EKS region.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-gcp-target

Creates a new GCP target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-e, --gcp-sa-email

**Y**

GCP service account email.

--gcp-key-file-path

**Y**

Path to file with the base64-encoded service account private key or --gcp-key Base64-encoded service account private key text.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-gke-target

Creates a new GKE target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--gke-account-email

**Y**

GKE service account email.

--gke-account-key-file-path

**Y**

File path to GKE service account key or --gke-account-key GKE service account key

--gke-cluster-endpoint

**Y**

GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>.

--gke-cluster-ca-cert

**Y**

GKE Base-64 encoded cluster certificate.

--gke-cluster-name

**Y**

GKE cluster name

--gke-cluster-name

GKE cluster name.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-k8s-target

Creates a new K8S target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-e, --k8s-cluster-endpoint

**Y**

K8S Cluster endpoint. https://<DNS / IP> of the cluster.

-c, --k8s-cluster-ca-cert

**Y**

K8S Cluster certificate. Base 64 encoded certificate.

-t, --k8s-cluster-token

**Y**

K8S Cluster authentication token.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-rabbitmq-target

Creates a new RabbitMQ target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--user

**Y**

RabbitMQ server user.

--pwd

**Y**

RabbitMQ server password.

--uri

**Y**

RabbitMQ server URI.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-ssh-target

Creates a new SSH target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--host

**Y**

SSH hostname.

--port[=22]

**Y**

SSH port.

--ssh-username

**Y**

SSH username.

--ssh-password

**Y**

SSH password

--private-key-path

SSH private key file path

(Can be used alternatively to username/password authentication.)

--private-key

SSH private key

(Can be used alternatively to username/password authentication.)

<code--private-key-password

SSH private key password

(Can be used alternatively to username/password authentication.)

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-web-target

Creates a new web target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-u, --url

**Y**

Web target URL.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

Updating Targets

update-aws-target

Updates an existing aws target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

update-azure-target

Updates an existing azure target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

update-db-target

Update an existing db target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-eks-target

Updates an existing eks target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--eks-cluster-name

EKS cluster name

--eks-cluster-endpoint

EKS cluster endpoint (i.e., https://<IP> of the cluster).

--eks-cluster-ca-cert

EKS cluster base-64 encoded certificate.

--eks-access-key-id

EKS access key ID.

--eks-secret-access-key

EKS secret access key.

--eks-region[=us-east-2]

EKS region.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-gcp-target

Update an existing gcp target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--gcp-key-file-path

Path to file with the base64-encoded service account private key.

--gcp-key

Base64-encoded service account private key text.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-gke-target

Updates an existing gke target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

A comment about the target.

-a, --gke-account-email

GKE service account email.

--gke-account-key-file-path

File path to GKE service account key.

--gke-account-key

GKE service account key.

-e, --gke-cluster-endpoint

GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>.

-c, --gke-cluster-ca-cert

GKE Base-64 encoded cluster certificate

--gke-cluster-name

GKE cluster name.

-i, --use-gw-cloud-identity

Use the Gateway's Cloud IAM.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-k8s-target

Updates an existing k8s target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

-e, --k8s-cluster-endpoint

K8S Cluster endpoint. https:// <DNS / IP> of the cluster.

-c, --k8s-cluster-ca-cert

K8S Cluster certificate. Base64-encoded certificate.

-t, --k8s-cluster-token

K8S Cluster authentication token.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-rabbitmq-target

Update an existing new rabbitmq target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--user

RabbitMQ server user.

--pwd

RabbitMQ server password.

--uri

RabbitMQ server URI.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-ssh-target

Update an existing ssh target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--comment

A comment about the target.

--keep-prev-version

Boolean, set to true to keep the previous version.

--host

SSH hostname.

--port[=22]

SSH port.

--ssh-username

SSH username.

--ssh-password

SSH password to rotate.

--private-key-path

SSH private key file path.

--private-key

SSH private key.

--private-key-password

SSH private key password

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-target

Update target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--new-comment

New comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-web-target

Update an existing web target

Parameters

Parameter

Mandatory

Description

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--comment

A comment about the target.

--keep-prev-version

Boolean, set to true to keep the previous version.

-u , --url

Web target URL.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.


Did this page help you?