CLI Reference - Akeyless Targets
NOTE
Looking for a specific command? Use the Table of Contents on the right. ===>
Managing Targets
Managing Targets
assoc-target-item
assoc-target-item
Create an association between target and item.
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | The target to associate. |
| **Y** | The item to associate. |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
delete-assoc-target-item
delete-assoc-target-item
Delete an association between target and item
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of a target. The name can include the path to the virtual folder in which you created the target, using slash |
| The association id to be deleted. Not required if target name is specified. | |
| The target name with which association will be deleted. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
delete-target
delete-target
Delete a target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be deleted. The name can include the path to the virtual folder in which you created the target, using slash |
| Target version. | |
| Delete target even if it has associated items. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
delete-targets
delete-targets
Delete multiple targets from a given path
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | Path to delete the targets from. |
| Delete target even if it has associated items. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
get-target
get-target
Get target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target. The name can include the path to the virtual folder in which you created the target, using slash |
| Include all target versions in reply. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
get-target-details
get-target-details
Get target details
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target. The name can include the path to the virtual folder in which you created the target, using slash |
| Target version | |
| Include all target versions in reply. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
list-targets
list-targets
Returns a list of all targets in the account.
Parameters
Parameter | Mandatory | Description |
---|---|---|
| Filter by the target name or a part of it. | |
| Next page reference. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Creating Targets
Creating Targets
create-aws-target
create-aws-target
Creates a new AWS target.
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | AWS access key ID. |
| AWS secret access key. | |
| AWS region. | |
| Required only for temporary security credentials retrieved using STS. | |
| Use the GW's Cloud IAM. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| A comment about the target. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
create-azure-target
create-azure-target
Creates a new Azure target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| Azure client/application id. | |
| Azure tenant id. | |
| Azure client secret. | |
| Use the GW's Cloud IAM. | |
| Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used. | |
| A comment about the target. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
create-db-target
create-db-target
Creates a new DB target
Parameters for MSSQL, Redshift
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Database user name. |
| **Y** | Database host. |
| **Y** | Database password. |
| **Y** | Database port. |
| **Y** | Database name. |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for MySQL, PostgreSQL, SAP HanaDB
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Database user name. |
| **Y** | Database host. |
| **Y** | Database password. |
| **Y** | Database port. |
| **Y** | Database name. |
| Enables/disables SSL. | |
| SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA). | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| For MySQL: Set of root certificate authorities in base64 encoding used by clients to verify server certificates. | |
| For MySQL: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for MongoDB
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Privilege database user name with sufficient rights to create users. |
| **Y** | Password of the database privilege user name. |
| **Y** | Target database host name or IP address with port. |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| MongoDB server default authentication database. | |
| MongoDB server URI (e.g. | |
| MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB). | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for Mongo Atlas
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target. |
| **Y** | MongoDB Atlas project ID. |
| **Y** | Database name. |
| **Y** | MongoDB Atlas public key. |
| **Y** | MongoDB Atlas private key |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for Oracle DB
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Database username. |
| **Y** | Database host. |
| **Y** | Database password. |
| **Y** | Database port. |
| **Y** | Oracle service name. |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is us | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for Snowflake
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Snowflake account name. |
| **Y** | Snowflake account user name. |
| **Y** | Snowflake account password. |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Parameters for Cassandra
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift. |
| **Y** | Database user name. |
| **Y** | Database host. |
| **Y** | Database password. |
| **Y** | Database port. |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
create-eks-target
create-eks-target
Creates a new EKS target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | EKS cluster name. |
| **Y** | EKS cluster endpoint (i.e., |
| **Y** | EKS cluster base-64 encoded certificate. |
| **Y** | EKS access key ID. |
| **Y** | EKS secret access key. |
| **Y** | EKS region. |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used. |
create-gcp-target
create-gcp-target
Creates a new GCP target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | GCP service account email. |
| **Y** | Path to file with the base64-encoded service account private key or |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
create-gke-target
create-gke-target
Creates a new GKE target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | GKE service account email. |
| **Y** | File path to GKE service account key or |
| **Y** | GKE cluster endpoint, i.e., cluster URI |
| **Y** | GKE Base-64 encoded cluster certificate. |
| **Y** | GKE cluster name |
| GKE cluster name. | |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
create-k8s-target
create-k8s-target
Creates a new K8S target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | K8S Cluster endpoint. |
| **Y** | K8S Cluster certificate. Base 64 encoded certificate. |
| **Y** | K8S Cluster authentication token. |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
create-rabbitmq-target
create-rabbitmq-target
Creates a new RabbitMQ target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | RabbitMQ server user. |
| **Y** | RabbitMQ server password. |
| **Y** | RabbitMQ server URI. |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used. |
create-ssh-target
create-ssh-target
Creates a new SSH target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | SSH hostname. |
| **Y** | SSH port. |
| **Y** | SSH username. |
| **Y** | SSH password |
| SSH private key file path (Can be used alternatively to username/password authentication.) | |
| SSH private key (Can be used alternatively to username/password authentication.) | |
<code--private-key-password | SSH private key password (Can be used alternatively to username/password authentication.) | |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used. |
create-web-target
create-web-target
Creates a new web target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash |
| **Y** | Web target URL. |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
Updating Targets
Updating Targets
update-aws-target
update-aws-target
Updates an existing aws target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to |
update-azure-target
update-azure-target
Updates an existing azure target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to |
update-db-target
update-db-target
Update an existing db target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| Comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
update-eks-target
update-eks-target
Updates an existing eks target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| Comment about the target. | |
| EKS cluster name | |
| EKS cluster endpoint (i.e., | |
| EKS cluster base-64 encoded certificate. | |
| EKS access key ID. | |
| EKS secret access key. | |
| EKS region. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
update-gcp-target
update-gcp-target
Update an existing gcp target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| Comment about the target. | |
| Path to file with the base64-encoded service account private key. | |
| Base64-encoded service account private key text. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
update-gke-target
update-gke-target
Updates an existing gke target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| A comment about the target. | |
| GKE service account email. | |
| File path to GKE service account key. | |
| GKE service account key. | |
| GKE cluster endpoint, i.e., cluster URI | |
| GKE Base-64 encoded cluster certificate | |
| GKE cluster name. | |
| Use the Gateway's Cloud IAM. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
update-k8s-target
update-k8s-target
Updates an existing k8s target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| Comment about the target. | |
| K8S Cluster endpoint. | |
| K8S Cluster certificate. Base64-encoded certificate. | |
| K8S Cluster authentication token. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
update-rabbitmq-target
update-rabbitmq-target
Update an existing new rabbitmq target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| Boolean, set to | |
| Comment about the target. | |
| RabbitMQ server user. | |
| RabbitMQ server password. | |
| RabbitMQ server URI. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
update-ssh-target
update-ssh-target
Update an existing ssh target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| A comment about the target. | |
| Boolean, set to | |
| SSH hostname. | |
| SSH port. | |
| SSH username. | |
| SSH password to rotate. | |
| SSH private key file path. | |
| SSH private key. | |
| SSH private key password | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
update-target
update-target
Update target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| New comment about the target. | |
| Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
update-web-target
update-web-target
Update an existing web target
Parameters
Parameter | Mandatory | Description |
---|---|---|
| **Y** | A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash |
| New target name. The name can include the path to the new virtual folder, using slash | |
| A comment about the target. | |
| Boolean, set to | |
| Web target URL. | |
| Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used. | |
| Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
Updated 3 days ago