CLI Reference - Akeyless Targets

📘
NOTE
Looking for a specific command? Use the Table of Contents on the right. ===>

Managing Targets

assoc-target-item

Create an association between target and item.

Parameters

Parameter	Mandatory	Description
`-t, --target-name`	Y	The target to associate.
`-n, --name`	Y	The item to associate.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-assoc-target-item

Delete an association between target and item

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of a target. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--id, --assoc-id`		The association id to be deleted. Not required if target name is specified.
`-t, --target-name`		The target name with which association will be deleted.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-target

Delete a target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be deleted. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`-v, --target-version`		Target version.
`--force-deletion[=false]`		Delete target even if it has associated items.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

delete-targets

Delete multiple targets from a given path

Parameters

Parameter	Mandatory	Description
`-p, --path`	Y	Path to delete the targets from.
`--force-deletion[=false]`		Delete target even if it has associated items.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

get-target

Get target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--show-versions[=false]`		Include all target versions in reply.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

get-target-details

Get target details

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`-v, --target-version`		Target version
`--show-versions[=false]`		Include all target versions in reply.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

list-targets

Returns a list of all targets in the account.

Parameters

Parameter	Mandatory	Description
`--filter`		Filter by the target name or a part of it.
`--pagination-token`		Next page reference.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Creating Targets

create-aws-target

Creates a new AWS target.

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`access-key-id`	Y	AWS access key ID.
`--access-key`		AWS secret access key.
`--region [=us-east-2]`		AWS region.
`--session-token`		Required only for temporary security credentials retrieved using STS.
`-i, --use-gw-cloud-identity`		Use the GW's Cloud IAM.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--comment`		A comment about the target.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-azure-target

Creates a new Azure target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--client-id`		Azure client/application id.
`--tenant-id`		Azure tenant id.
`--client-secret`		Azure client secret.
`-i, --use-gw-cloud-identity`		Use the GW's Cloud IAM.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.
`--comment`		A comment about the target.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-db-target

Creates a new DB target

Parameters for MSSQL, Redshift

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--user-name`	Y	Database user name.
`--host`	Y	Database host.
`--pwd`	Y	Database password.
`--port`	Y	Database port.
`--db-name`	Y	Database name.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for MySQL, PostgreSQL, SAP HanaDB

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--user-name`	Y	Database user name.
`--host`	Y	Database host.
`--pwd`	Y	Database password.
`--port`	Y	Database port.
`--db-name`	Y	Database name.
`--ssl[=false]`		Enables/disables SSL.
`--ssl-certificate`		SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA).
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--db-server-certificates`		For MySQL: Set of root certificate authorities in base64 encoding used by clients to verify server certificates.
`--db-server-name`		For MySQL: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for MongoDB

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--mongodb-username`	Y	Privilege database user name with sufficient rights to create users.
`--mongodb-password`	Y	Password of the database privilege user name.
`--mongodb-host-port`	Y	Target database host name or IP address with port.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--mongodb-default-auth-db`		MongoDB server default authentication database.
`--mongodb-server-uri`		MongoDB server URI (e.g. `mongodb://akeyless:[email protected]:27017/admin?replicaSet=mySet` .
`--mongodb-uri-options`		MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB).
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Mongo Atlas

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--mongodb-atlas`	Y	Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target.
`--mongodb-atlas-project-id`	Y	MongoDB Atlas project ID.
`--db-name`	Y	Database name.
`--mongodb-atlas-api-public-key`	Y	MongoDB Atlas public key.
`--mongodb-atlas-api-private-key`	Y	MongoDB Atlas private key
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Oracle DB

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--user-name`	Y	Database username.
`--host`	Y	Database host.
`--pwd`	Y	Database password.
`--port`	Y	Database port.
`--oracle-service-name`	Y	Oracle service name.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is us
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Snowflake

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--snowflake-account`	Y	Snowflake account name.
`--user-name`	Y	Snowflake account user name.
`--pwd`	Y	Snowflake account password.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

Parameters for Cassandra

Parameter	Mandatory	Description
`-n, --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--db-type`	Y	Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.
`--user-name`	Y	Database user name.
`--host`	Y	Database host.
`--pwd`	Y	Database password.
`--port`	Y	Database port.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

create-eks-target

Creates a new EKS target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--eks-cluster-name`	Y	EKS cluster name.
`--eks-cluster-endpoint`	Y	EKS cluster endpoint (i.e., `https://<IP>` of the cluster).
`--eks-cluster-ca-cert`	Y	EKS cluster base-64 encoded certificate.
`--eks-access-key-id`	Y	EKS access key ID.
`--eks-secret-access-key`	Y	EKS secret access key.
`--eks-region[=us-east-2]`	Y	EKS region.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-gcp-target

Creates a new GCP target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`-e, --gcp-sa-email`	Y	GCP service account email.
`--gcp-key-file-path`	Y	Path to file with the base64-encoded service account private key or `--gcp-key` Base64-encoded service account private key text.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-gke-target

Creates a new GKE target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--gke-account-email`	Y	GKE service account email.
`--gke-account-key-file-path`	Y	File path to GKE service account key or `--gke-account-key` GKE service account key
`--gke-cluster-endpoint`	Y	GKE cluster endpoint, i.e., cluster URI `https://<DNS/IP>`.
`--gke-cluster-ca-cert`	Y	GKE Base-64 encoded cluster certificate.
`--gke-cluster-name`	Y	GKE cluster name
`--gke-cluster-name`		GKE cluster name.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-k8s-target

Creates a new K8S target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`-e, --k8s-cluster-endpoint`	Y	K8S Cluster endpoint. `https://<DNS / IP>` of the cluster.
`-c, --k8s-cluster-ca-cert`	Y	K8S Cluster certificate. Base 64 encoded certificate.
`-t, --k8s-cluster-token`	Y	K8S Cluster authentication token.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

create-rabbitmq-target

Creates a new RabbitMQ target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--user`	Y	RabbitMQ server user.
`--pwd`	Y	RabbitMQ server password.
`--uri`	Y	RabbitMQ server URI.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-ssh-target

Creates a new SSH target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`--host`	Y	SSH hostname.
`--port[=22]`	Y	SSH port.
`--ssh-username`	Y	SSH username.
`--ssh-password`	Y	SSH password
`--private-key-path`		SSH private key file path (Can be used alternatively to username/password authentication.)
`--private-key`		SSH private key (Can be used alternatively to username/password authentication.)
<code--private-key-password		SSH private key password (Can be used alternatively to username/password authentication.)
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

create-web-target

Creates a new web target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash `/` separators. If the folder does not exist, it will be created together with the target.
`-u, --url`	Y	Web target URL.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

Updating Targets

update-aws-target

Updates an existing aws target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.

update-azure-target

Updates an existing azure target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.

update-db-target

Update an existing db target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		Comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-eks-target

Updates an existing eks target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		Comment about the target.
`--eks-cluster-name`		EKS cluster name
`--eks-cluster-endpoint`		EKS cluster endpoint (i.e., `https://<IP> of the cluster`).
`--eks-cluster-ca-cert`		EKS cluster base-64 encoded certificate.
`--eks-access-key-id`		EKS access key ID.
`--eks-secret-access-key`		EKS secret access key.
`--eks-region[=us-east-2]`		EKS region.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-gcp-target

Update an existing gcp target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		Comment about the target.
`--gcp-key-file-path`		Path to file with the base64-encoded service account private key.
`--gcp-key`		Base64-encoded service account private key text.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

update-gke-target

Updates an existing gke target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		A comment about the target.
`-a, --gke-account-email`		GKE service account email.
`--gke-account-key-file-path`		File path to GKE service account key.
`--gke-account-key`		GKE service account key.
`-e, --gke-cluster-endpoint`		GKE cluster endpoint, i.e., cluster URI `https://<DNS/IP>`.
`-c, --gke-cluster-ca-cert`		GKE Base-64 encoded cluster certificate
`--gke-cluster-name`		GKE cluster name.
`-i, --use-gw-cloud-identity`		Use the Gateway's Cloud IAM.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-k8s-target

Updates an existing k8s target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		Comment about the target.
`-e, --k8s-cluster-endpoint`		K8S Cluster endpoint. `https:// <DNS / IP>` of the cluster.
`-c, --k8s-cluster-ca-cert`		K8S Cluster certificate. Base64-encoded certificate.
`-t, --k8s-cluster-token`		K8S Cluster authentication token.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-rabbitmq-target

Update an existing new rabbitmq target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--comment`		Comment about the target.
`--user`		RabbitMQ server user.
`--pwd`		RabbitMQ server password.
`--uri`		RabbitMQ server URI.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-ssh-target

Update an existing ssh target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--comment`		A comment about the target.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`--host`		SSH hostname.
`--port[=22]`		SSH port.
`--ssh-username`		SSH username.
`--ssh-password`		SSH password to rotate.
`--private-key-path`		SSH private key file path.
`--private-key`		SSH private key.
`--private-key-password`		SSH private key password
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-target

Update target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--new-comment`		New comment about the target.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

update-web-target

Update an existing web target

Parameters

Parameter	Mandatory	Description
`-n , --name`	Y	A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash `/` separators.
`--new-name`		New target name. The name can include the path to the new virtual folder, using slash `/` separators.
`--comment`		A comment about the target.
`--keep-prev-version`		Boolean, set to `true` to keep the previous version.
`-u , --url`		Web target URL.
`-k, --key`		Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.
`--profile`, `--token`		Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

📘NOTE

Managing Targets

assoc-target-item

Parameters

delete-assoc-target-item

Parameters

delete-target

Parameters

delete-targets

Parameters

get-target

Parameters

get-target-details

Parameters

list-targets

Parameters

Creating Targets

create-aws-target

Parameters

create-azure-target

Parameters

create-db-target

Parameters for MSSQL, Redshift

Parameters for MySQL, PostgreSQL, SAP HanaDB

Parameters for MongoDB

Parameters for Mongo Atlas

Parameters for Oracle DB

Parameters for Snowflake

Parameters for Cassandra

create-eks-target

Parameters

create-gcp-target

Parameters

create-gke-target

Parameters

create-k8s-target

Parameters

create-rabbitmq-target

Parameters

create-ssh-target

Parameters

create-web-target

Parameters

Updating Targets

update-aws-target

Parameters

update-azure-target

Parameters

update-db-target

Parameters

update-eks-target

Parameters

update-gcp-target

Parameters

update-gke-target

Parameters

update-k8s-target

Parameters

update-rabbitmq-target

Parameters

update-ssh-target

Parameters

update-target

Parameters

update-web-target

Parameters

📘
NOTE