CLI Reference - Akeyless Targets

-t, --target-name

**Y**

The target to associate.

-n, --name

**Y**

The item to associate.

--vault-name

Name of the vault used. Relevant only for Classic Key and target association. (Required for Azure targets).

--key-operations

A list of allowed operations for the key. Relevant only for Classic Key and target association. (Required for Azure targets).

--project-id

Project id of the GCP KMS. Relevant only for Classic Key and target association. (Required for GCP targets).

--location-id

Location id of the GCP KMS. Relevant only for Classic Key and target association. (Required for GCP targets).

--keyring-name

Keyring name of the GCP KMS. Relevant only for Classic Key and target association. (Required for GCP targets).

--purpose

Purpose if the key in GCP KMS. Relevant only for Classic Key and target association. (Required for GCP targets).

--kms-algorithm

Algorithm of the key in GCP KMS. Relevant only for Classic Key and target association. (Required for GCP targets).

--tenant-secret-type

The tenant secret type [Data/SearchIndex/Analytics]. Relevant only for Classic Key and target association. (Required for Salesforce targets).

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n , --name

**Y**

A name of a target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--id, --assoc-id

The association ID to be deleted. Not required if the target name is specified.

-t, --target-name

The target name with which the association will be deleted.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n , --name

**Y**

A name of the target to be deleted. The name can include the path to the virtual folder in which you created the target, using slash / separators.

-v, --target-version

Target version.

--force-deletion[=false]

Delete target even if it has associated items.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-p, --path

**Y**

Path to delete the targets from.

--force-deletion[=false]

Delete target even if it has associated items.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--show-versions[=false]

Include all target versions in reply.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target. The name can include the path to the virtual folder in which you created the target, using slash / separators.

-v, --target-version

Target version

--show-versions[=false]

Include all target versions in reply.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--filter

Filter by the target name or a part of it.

--pagination-token

Next page reference.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--access-key-id

**Y**

AWS access key ID.

--access-key

AWS secret access key.

--region [=us-east-2]

AWS region.

--session-token

Required only for temporary security credentials retrieved using STS.

-i, --use-gw-cloud-identity

Use the GW's Cloud IAM.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--comment

A comment about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--client-id

Azure client/application id.

--tenant-id

Azure tenant id.

--client-secret

Azure client secret.

-i, --use-gw-cloud-identity

Use the GW's Cloud IAM.

--subscription-id

Azure Subscription ID.

--resource-group-name

The Resource Group name in your Azure Subscription.

--resource-name

The name of the relevant Resource.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

--comment

A comment about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--db-name

**Y**

Database name.

--db-server-certificates

Set of root certificate authorities in base64 encoding used by clients to verify server certificates.

--db-server-name

Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address.

--ssl[=false]

Enable/Disable SSL [true/false].

--ssl-certificate

SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA).

--snowflake-account

Snowflake account name.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--db-name

**Y**

Database name.

--ssl[=false]

Enables/disables SSL.

--ssl-certificate

SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA).

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--db-server-certificates

For MySQL: Set of root certificate authorities in base64 encoding used by clients to verify server certificates.

--db-server-name

For MySQL: Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--mongodb-username

**Y**

Privilege database user name with sufficient rights to create users.

--mongodb-password

**Y**

Password of the database privilege user name.

--mongodb-host-port

**Y**

Target database host name or IP address with port.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--mongodb-default-auth-db

MongoDB server default authentication database.

--mongodb-server-uri

MongoDB server URI (e.g. mongodb://akeyless:[email protected]:27017/admin?replicaSet=mySet .

--mongodb-uri-options

MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB).

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--mongodb-atlas

**Y**

Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target.

--mongodb-atlas-project-id

**Y**

MongoDB Atlas project ID.

--db-name

**Y**

Database name.

--mongodb-atlas-api-public-key

**Y**

MongoDB Atlas public key.

--mongodb-atlas-api-private-key

**Y**

MongoDB Atlas private key

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database username.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

--oracle-service-name

**Y**

Oracle service name.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is us

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--snowflake-account

**Y**

Snowflake account name.

--user-name

**Y**

Snowflake account user name.

--pwd

**Y**

Snowflake account password.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--db-type

**Y**

Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift.

--user-name

**Y**

Database user name.

--host

**Y**

Database host.

--pwd

**Y**

Database password.

--port

**Y**

Database port.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--eks-cluster-name

**Y**

EKS cluster name.

--eks-cluster-endpoint

**Y**

EKS cluster endpoint (i.e., https://<IP> of the cluster).

--eks-cluster-ca-cert

**Y**

EKS cluster base-64 encoded certificate.

--eks-access-key-id

**Y**

EKS access key ID.

--eks-secret-access-key

**Y**

EKS secret access key.

--eks-region[=us-east-2]

**Y**

EKS region.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-e, --gcp-sa-email

**Y**

GCP service account email.

--gcp-key-file-path

**Y**

Path to file with the base64-encoded service account private key or --gcp-key Base64-encoded service account private key text.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--gke-account-email

**Y**

GKE service account email.

--gke-account-key-file-path

**Y**

File path to GKE service account key or --gke-account-key GKE service account key

--gke-cluster-endpoint

**Y**

GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>.

--gke-cluster-ca-cert

**Y**

GKE Base-64 encoded cluster certificate.

--gke-cluster-name

**Y**

GKE cluster name

--gke-cluster-name

GKE cluster name.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-e, --k8s-cluster-endpoint

**Y**

K8S Cluster endpoint. https://<DNS / IP> of the cluster.

-c, --k8s-cluster-ca-cert

**Y**

K8S Cluster certificate. Base 64 encoded certificate.

-t, --k8s-cluster-token

**Y**

K8S Cluster authentication token.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--user

**Y**

RabbitMQ server user.

--pwd

**Y**

RabbitMQ server password.

--uri

**Y**

RabbitMQ server URI.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--host

**Y**

SSH hostname.

--port[=22]

**Y**

SSH port.

--ssh-username

**Y**

SSH username.

--ssh-password

**Y**

SSH password

--private-key-path

SSH private key file path

(Can be used alternatively to username/password authentication.)

--private-key

SSH private key

(Can be used alternatively to username/password authentication.)

--private-key-password

SSH private key password

(Can be used alternatively to username/password authentication.)

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

-n , --name

**Y**

A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-u, --url

**Y**

Web target URL.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-b, --base-url

**Y**

Artifactory REST URL, must end with artifactory postfix.

-a, --artifactory-admin-name

**Y**

Admin name.

-p, --artifactory-admin-pwd

**Y**

Admin API Key/Password.

-k, --key

The name of a key that will be used to encrypt the target secret value (if left empty, the account default protection key will be used).

--comment

Comments about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-l, --ldap-url

**Y**

LDAP Server URL.

-b, --bind-dn

**Y**

LDAP Bind DN.

-p, --bind-dn-password

**Y**

Password for LDAP Bind DN.

-t, --ldap-ca-cert

LDAP base64-encoded CA Certificate.

--token-expiration

LDAP token expiration time in seconds.

-k, --key

The name of a key that will be used to encrypt the target secret value (if left empty, the account default protection key will be used).

--comment

Comments about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--github-app-id

GitHub application ID.

--github-app-private-key

GitHub application private key (base64-encoded key).

--github-base-url[=https://api.github.com/]

GitHub base URL.

-k, --key

The name of a key that will be used to encrypt the target secret value (if left empty, the account default protection key will be used).

--comment

Comments about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

--dockerhub-username

**Y**

Username for docker repository.

--dockerhub-password

**Y**

Password for docker repository.

-k, --key

The name of a key that will be used to encrypt the target secret value (if left empty, the account default protection key will be used).

--comment

Comments about the target.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

--uid-token

The universal identity token. It is required only for universal_identity authentication.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-u, --tenant-url

**Y**

The Salesforce tenant URL.

-i, --client-id

**Y**

The Client ID of the OAuth 2.0 app to use for connecting to Salesforce.

-s, --client-secret

**Y**

The Client secret of the OAuth 2.0 app to use for connecting to Salesforce.

-e, --email

**Y**

The email of the user attached to the OAuth 2.0 app that is used for connecting to Salesforce.

-p, --password

**Y**

The password of the user attached to the OAuth 2.0 app that is used for connecting to Salesforce.

-o, --security-token

**Y**

The security token of the user attached to the OAuth 2.0 app that used for connecting to Salesforce.

--ca-cert-file-name

The name of the file containing a PEM certificate to use when uploading a new key to Salesforce.

--ca-cert-data

The base64-encoded PEM certificate to use when uploading a new key to Salesforce. It is used if the file name of the PEM certificate was not provided.

--ca-cert-name

The name of the certificate in the Salesforce tenant to use when uploading a new key.

-k, --key

The name of the key that will be used to encrypt the target secret value. If the key name is not specified, the account default protection key will be used.

--comment

A comment about the target.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--eks-cluster-name

EKS cluster name

--eks-cluster-endpoint

EKS cluster endpoint (i.e., https://<IP> of the cluster).

--eks-cluster-ca-cert

EKS cluster base-64 encoded certificate.

--eks-access-key-id

EKS access key ID.

--eks-secret-access-key

EKS secret access key.

--eks-region[=us-east-2]

EKS region.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--gcp-key-file-path

Path to file with the base64-encoded service account private key.

--gcp-key

Base64-encoded service account private key text.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

A comment about the target.

-a, --gke-account-email

GKE service account email.

--gke-account-key-file-path

File path to GKE service account key.

--gke-account-key

GKE service account key.

-e, --gke-cluster-endpoint

GKE cluster endpoint, i.e., cluster URI https://<DNS/IP>.

-c, --gke-cluster-ca-cert

GKE Base-64 encoded cluster certificate

--gke-cluster-name

GKE cluster name.

-i, --use-gw-cloud-identity

Use the Gateway's Cloud IAM.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

-e, --k8s-cluster-endpoint

K8S Cluster endpoint. https:// <DNS / IP> of the cluster.

-c, --k8s-cluster-ca-cert

K8S Cluster certificate. Base64-encoded certificate.

-t, --k8s-cluster-token

K8S Cluster authentication token.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--keep-prev-version

Boolean, set to true to keep the previous version.

--comment

Comment about the target.

--user

RabbitMQ server user.

--pwd

RabbitMQ server password.

--uri

RabbitMQ server URI.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--comment

A comment about the target.

--keep-prev-version

Boolean, set to true to keep the previous version.

--host

SSH hostname.

--port[=22]

SSH port.

--ssh-username

SSH username.

--ssh-password

SSH password to rotate.

--private-key-path

SSH private key file path.

--private-key

SSH private key.

--private-key-password

SSH private key password

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--new-comment

New comment about the target.

-k, --key

Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n , --name

**Y**

A name of the target to be updated. The name can include the path to the virtual folder in which you created the target, using slash / separators.

--new-name

New target name. The name can include the path to the new virtual folder, using slash / separators.

--comment

A comment about the target.

--keep-prev-version

Boolean, set to true to keep the previous version.

-u , --url

Web target URL.

-k, --key

Key name. The key will be used to encrypt the target secret value. If the key name is not specified, the account default protection key is used.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.

-n, --name

**Y**

A unique name of the target. The name can include a path to the virtual folder where you want to create a new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-u, --tenant-url

**Y**

The Salesforce tenant URL.

-i, --client-id

**Y**

The Client ID of the OAuth 2.0 app to use for connecting to Salesforce.

-s, --client-secret

**Y**

The Client secret of the OAuth 2.0 app to use for connecting to Salesforce.

-e, --email

**Y**

The email of the user attached to the OAuth 2.0 app that is used for connecting to Salesforce.

-p, --password

**Y**

The password of the user attached to the OAuth 2.0 app that is used for connecting to Salesforce.

-o, --security-token

**Y**

The security token of the user attached to the OAuth 2.0 app that used for connecting to Salesforce.

--new-name

The new name of the target.

--ca-cert-file-name

The name of the file containing a PEM certificate to use when uploading a new key to Salesforce.

--ca-cert-data

The base64-encoded PEM certificate to use when uploading a new key to Salesforce. It is used if the file name of the PEM certificate was not provided.

--ca-cert-name

The name of the certificate in the Salesforce tenant to use when uploading a new key.

-k, --key

The name of the key that will be used to encrypt the target secret value. If the key name is not specified, the account default protection key will be used.

--comment

A comment about the target.

--keep-prev-version

Whether to keep the previous version. Possible values: true, false. If not set, default value is used according to account settings.

--profile, --token

Use a specific profile (located at $HOME/.akeyless/profiles) or a temporary access token.