CLI Reference - Targets
Managing Targets
Managing Targets
assoc-target-item
assoc-target-item
Create an association between target and item
Please note: mandatory values for this command: -t, --target-name
, -n, --name
Usage
akeyless assoc-target-item --target-name <The target to associate> \
--name <The item to associate> \
--vault-name <Name of the vault used> \
--key-operations <List of allowed operations for the key>
Parameters
Parameter | Description |
---|---|
-t, --target-name | (Mandatory) The target to associate |
-n, --name | (Mandatory) The item to associate |
--vault-name | Name of the vault used. (Relevant only for Classic Key and target association. Required for azure targets) |
--key-operations | A list of allowed operations for the key. (Relevant only for Classic Key and target association. Required for azure targets) |
--project-id | Project id of the GCP KMS. (Relevant only for Classic Key and target association. Required for gcp targets) |
--location-id | Location id of the GCP KMS. (Relevant only for Classic Key and target association. Required for gcp targets) |
--keyring-name | Keyring name of the GCP KMS. (Relevant only for Classic Key and target association. Required for gcp targets) |
--purpose | Purpose if the key in GCP KMS. (Relevant only for Classic Key and target association. Required for gcp targets) |
--kms-algorithm | Algorithm of the key in GCP KMS. (Relevant only for Classic Key and target association, Required for gcp targets) |
--tenant-secret-type | The tenant secret type [Data/SearchIndex/Analytics]. (Relevant only for Classic Key and target association. Required for salesforce targets) |
--multi-region[=false] | Set to 'true' to create a multi-region managed key. (Relevant only for Classic Key AWS targets) |
--regions | The list of regions in which to create a copy of the key. (Relevant only for Classic Key AWS targets). To specify multiple regions use argument multiple times: --regions us-east-1 --regions us-west-1 |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
delete-assoc-target-item
delete-assoc-target-item
Delete an association between target and item
Please note: mandatory values for this command: -n, --name
Usage
akeyless delete-assoc-target-item --name <Item name> \
--assoc-id <Association id to be deleted. Not required if target name specified> \
--target-name <The target name with which association will be deleted>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Item name |
--id, --assoc-id | The association id to be deleted. Not required if target name specified |
-t, --target-name | The target name with which association will be deleted |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
delete-target
delete-target
Delete a target
Please note: mandatory values for this command: -n, --name
Usage
akeyless delete-target --name <Target name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-v, --target-version | Target version |
--force-deletion[=false] | Delete target even if it has associated items |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
delete-targets
delete-targets
Delete multiple targets from a given path
Please note: mandatory values for this command: -p, --path
Usage
akeyless delete-target --path <ath to delete the targets from>
Parameters
Parameter | Description |
---|---|
-p, --path | (Mandatory) Path to delete the targets from |
--force-deletion[=false] | Delete target even if it has associated items |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
get-target
get-target
Get target
Please note: mandatory values for this command: -n, --name
Usage
akeyless get-target --name <Target name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--show-versions[=false] | Include all target versions in reply |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
get-target-details
get-target-details
Get target details
Please note: mandatory values for this command: -n, --name
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-v, --target-version | Target version |
--show-versions[=false] | Include all target versions in reply |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
list-targets
list-targets
List of all targets in the account
Parameters
Parameter | Description |
---|---|
--filter | Filter by target name or part of it |
-t, --type | The target types list of the requested targets. In case it is empty, all types of targets will be returned. Options: [hanadb cassandra aws ssh gke eks mysql mongodb snowflake mssql redshift artifactory azure rabbitmq k8s venafi gcp oracle dockerhub ldap github chef web salesforce postgres] |
--pagination-token | Next page reference |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
Creating Targets
Creating Targets
create-aws-target
create-aws-target
Creates a new AWS target
Please note: mandatory values for this command: -n, --name
, --access-key-id
Usage
akeyless create-aws-target --name <Target name> \
--access-key-id <AWS access key ID> \
--access-key <AWS secret access key> \
--region <AWS region>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--access-key-id | (Mandatory) AWS access key ID |
--access-key | AWS secret access key |
--session-token | Required only for temporary security credentials retrieved using STS |
--region [=us-east-2] | AWS region |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-azure-target
create-azure-target
Creates a new azure target
Please note: mandatory values for this command: -n, --name
Usage
akeyless create-azure-target --name <Target name> \
--client-id <Azure client/application id> \
--tenant-id <Azure tenant id> \
--client-secret <Azure client secret>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--client-id | Azure client/application id |
--tenant-id | Azure tenant id |
--client-secret | Azure client secret |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--subscription-id | Azure Subscription Id |
--resource-group-name | The Resource Group name in your Azure Subscription |
--resource-name | The name of the relevant Resource |
-k, --key | Key name. The key is used to encrypt the target secret value. If the key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-db-target
create-db-target
Creates a new DB target
Please note: mandatory values for this command: -n, --name
, --db-type
Usage
akeyless create-db-target --name <Target name> \
--db-type <mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift> \
--user-name <Database user name> \
--host <Database host> \
--pwd <Database password>
--port <Database port>
--db-name <Database name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--db-type | (Mandatory) Database type: mysql/mssql/hanadb/postgres/mongodb/snowflake/oracle/cassandra/redshift |
--user-name | Database user name |
--host | Database host |
--pwd | Database password |
--port | Database port |
--db-name | Database name |
--db-server-certificates | Set of root certificate authorities in base64 encoding used by clients to verify server certificates |
--db-server-name | Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address |
--ssl[=false] | Enable/Disable SSL [true/false] |
--ssl-certificate | SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA) |
--snowflake-account | Snowflake account name |
--mongodb-atlas | Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target |
--mongodb-default-auth-db | MongoDB server default authentication database |
--mongodb-uri-options | MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB) |
--mongodb-atlas-project-id | MongoDB Atlas project ID |
--mongodb-atlas-api-public-key | MongoDB Atlas public key |
--mongodb-atlas-api-private-key | MongoDB Atlas private key |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-eks-target
create-eks-target
Creates a new EKS target
Please note: mandatory values for this command: -n, --name
, --eks-cluster-name
, --eks-cluster-endpoint
, --eks-cluster-ca-cert
Usage
akeyless create-eks-target --name <Target name> \
--eks-cluster-name <EKS cluster name> \
--eks-cluster-endpoint <EKS cluster endpoint> \
--eks-cluster-ca-cert <EKS cluster base-64 encoded certificate> \
--eks-access-key-id <EKS access key ID> \
--eks-secret-access-key <EKS secret access key> \
--eks-region <EKS region> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-e, --eks-cluster-name | (Mandatory) EKS cluster name |
-c, --eks-cluster-endpoint | (Mandatory) EKS cluster endpoint (i.e., https:// of the cluster) |
-t, --eks-cluster-ca-cert | (Mandatory) EKS cluster base-64 encoded certificate |
-i, --eks-access-key-id | EKS access key ID |
-s, --eks-secret-access-key | EKS secret access key |
-g, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--eks-region[=us-east-2] | EKS region |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-gcp-target
create-gcp-target
Creates a new GCP target
Please note: mandatory values for this command: -n, --name
Usage
akeyless create-gcp-target --name <Target name> \
--gcp-key-file-path <Path to file with the base64-encoded service account private key> \
--gcp-key <Base64-encoded service account private key text> \
--use-gw-cloud-identity <Use the GWs Cloud IAM> \
--key <Key name> \
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--gcp-key-file-path | Path to file with the base64-encoded service account private key |
--gcp-key | Base64-encoded service account private key text |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-gke-target
create-gke-target
Creates a new GKE target
Please note: mandatory values for this command: -n, --name
Usage
akeyless create-gke-target --name <Target name> \
--gke-account-email <GKE service account email> \
--gke-cluster-endpoint <GKE cluster endpoint> \
--gke-cluster-ca-cert <GKE Base-64 encoded cluster certificate> \
--gke-account-key-file-path <File path to GKE service account key>
--gke-cluster-name <GKE cluster name>
--key <Key name> \
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-a, --gke-account-email | GKE service account email |
-e, --gke-cluster-endpoint | GKE cluster endpoint, i.e., cluster URI https://<DNS/IP> |
-c, --gke-cluster-ca-cert | GKE Base-64 encoded cluster certificate |
--gke-account-key-file-path | File path to GKE service account key |
--gke-cluster-name | GKE cluster name |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-k8s-target
create-k8s-target
Creates a new K8S target
Please note: mandatory values for this command: -n, --name
, -e, --k8s-cluster-endpoint
, -c, --k8s-cluster-ca-cert
, -t, --k8s-cluster-token
Usage
akeyless create-k8s-target --name <Target name> \
--k8s-cluster-endpoint <K8S Cluster endpoint> \
--k8s-cluster-ca-cert <K8S Cluster certificate> \
--k8s-cluster-token <K8S Cluster authentication token>
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-e, --k8s-cluster-endpoint | (Mandatory) K8S Cluster endpoint. https:// , <DNS / IP> of the cluster |
-c, --k8s-cluster-ca-cert | (Mandatory) K8S Cluster certificate. Base 64 encoded certificate |
-t, --k8s-cluster-token | (Mandatory) K8S Cluster authentication token |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-rabbitmq-target
create-rabbitmq-target
Creates a new RabbitMQ target
Please note: mandatory values for this command: -n, --name
, --user
, --uri
Usage
akeyless create-rabbitmq-target --name <Target name> \
--user <RabbitMQ server user> \
--pwd <RabbitMQ server password> \
--uri <RabbitMQ server URI> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--user | (Mandatory) RabbitMQ server user |
--pwd | RabbitMQ server password |
--uri | (Mandatory) RabbitMQ server URI |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-ssh-target
create-ssh-target
Creates a new SSH target
Please note: mandatory values for this command: -n, --name
Usage
akeyless create-ssh-target --name <Target name> \
--host <SSH host name> \
--port <SSH port (Default = 22)> \
--ssh-username <SSH username> \
--ssh-password <SSH password to rotate> \
--private-key-path <SSH private key file path> \
--private-key <SSH private key> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--description | Target description |
--host | SSH host name |
--port[=22] | SSH port |
--ssh-username | SSH username |
--ssh-password | SSH password to rotate |
--private-key-path | SSH private key file path |
--private-key | SSH private key |
--private-key-password | SSH private key password |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-web-target
create-web-target
Creates a new web target
Please note: mandatory values for this command: -n, --name
, -u, --url
Usage
akeyless create-web-target --name <Target name> \
--url <Web target URL> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-u, --url | (Mandatory) Web target URL |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-artifactory-target
create-artifactory-target
Creates a new Artifactory target
Please note: mandatory values for this command: -n, --name
, -b, --base-url
, -a, --artifactory-admin-name
, -p, --artifactory-admin-pwd
Usage
akeyless create-artifactory-target --name <Target name> \
--base-url <Artifactory REST URL, must end with artifactory postfix> \
--artifactory-admin-name <Admin name> \
--artifactory-admin-pwd <Admin API Key/Password> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
-b, --base-url | (Mandatory) Artifactory REST URL, must end with artifactory postfix |
-a, --artifactory-admin-name | (Mandatory) Admin name |
-p, --artifactory-admin-pwd | (Mandatory) Admin API Key/Password |
-k, --key | The name of a key used to encrypt the target secret value (if empty, the account default protectionKey key will be used) |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-ping-target
create-ping-target
Creates a new Ping target
Usage
akeyless create-ping-target --name <Target name>\
--ping-url <Ping url>\
--privileged-user <Username>\
--password <Pasword>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
-u, --[ing-url | (Mandatory) Ping URL |
-s, --privileged-user | (Mandatory) Privileged user name |
-p, --password | (Mandatory) Privileged user Password |
-i, --administrative-port[=9999] | Ping Federate administrative port |
-j, --authorization-port[=9031] | Ping Federate authorization port |
-k, --key | The name of a key used to encrypt the target secret value (if empty, the account default protectionKey key will be used) |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-ldap-target
create-ldap-target
Creates a new LDAP target
Please note: mandatory values for this command: -n, --name
, -l, --ldap-url
, -b, --bind-dn
, -p, --bind-dn-password
Usage
akeyless create-ldap-target --name <Target name> \
--ldap-url <LDAP Server URL> \
--bind-dn <LDAP Bind DN> \
--bind-dn-password <Password for LDAP Bind DN> \
--server-type <Set Ldap server type (Deafult = OpenLDAP)> \
--ldap-ca-cert <LDAP base-64 encoded CA Certificate> \
--token-expiration <token-expiration>
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
-l, --ldap-url | (Mandatory) LDAP Server URL |
-b, --bind-dn | (Mandatory) LDAP Bind DN |
-p, --bind-dn-password | (Mandatory) Password for LDAP Bind DN |
-s, --server-type[=OpenLDAP] | Set Ldap server type, Options:[OpenLDAP, ActiveDirectory]. Default is OpenLDAP |
-t, --ldap-ca-cert | LDAP base-64 encoded CA Certificate |
--token-expiration | --token-expiration |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-github-target
create-github-target
Creates a new GitHub target
Please note: mandatory values for this command: -n, --name
Usage
akeyless create-github-target --name Target name \
--github-app-id <Github application id> \
--github-app-private-key <Github application private key (base64 encoded key)>
--github-base-url <Github base url (Deafult = https://api.github.com/> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--github-app-id | Github application id |
--github-app-private-key | Github application private key (base64 encoded key) |
--github-base-url[=https://api.github.com/] | Github base url |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used. |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-dockerhub-target
create-dockerhub-target
Creates a new Docker Hub target
Please note: mandatory values for this command: -n, --name
, --dockerhub-username
, --dockerhub-password
Usage
akeyless create-dockerhub-target --name <Target name> \
--dockerhub-usernam <Username for docker repository> \
--dockerhub-password <Password for docker repository> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--dockerhub-username | (Mandatory) Username for docker repository |
--dockerhub-password | (Mandatory) Password for docker repository |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
create-salesforce-target
create-salesforce-target
Creates a new Salesforce target
Please note: mandatory values for this command: -n, --name
, -u, --tenant-url
, -i, --client-id
, -e, --email
, -a, --auth-flow
Usage
akeyless create-salesforce-target --name <Target name> \
--tenant-url <Url of the Salesforce tenant> \
--client-id <Client ID of the oauth2 app to use for connecting to Salesforce> \
--email <The email of the user attached to the oauth2 app used for connecting to Salesforce> \
--auth-flow < type of the auth flow ('jwt' / 'user-password') \
--client-secret <Client secret of the oauth2 app to use for connecting to Salesforce> \
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
-u, --tenant-url | (Mandatory) Url of the Salesforce tenant |
-i, --client-id | (Mandatory) Client ID of the oauth2 app to use for connecting to Salesforce |
-e, --email | (Mandatory) The email of the user attached to the oauth2 app used for connecting to Salesforce |
-a, --auth-flow | (Mandatory) type of the auth flow ('jwt' / 'user-password') |
-s, --client-secret | Client secret of the oauth2 app to use for connecting to Salesforce (required for password flow) |
-f, --app-private-key-file-name | Name of the of file containing a PEM private key of the connected app (relevant for JWT auth only) |
--app-private-key-data | Base64 encoded PEM of the connected app private key (relevant for JWT auth only) |
-p, --password | The password of the user attached to the oauth2 app used for connecting to Salesforce (required for user-password flow) |
-o, --security-token | The security token of the user attached to the oauth2 app used for connecting to Salesforce (required for user-password flow) |
--ca-cert-file-name | Name of a file containing a PEM certificate to use when uploading new key to Salesforce |
--ca-cert-data | Base64 encoded PEM cert to use when uploading a new key to Salesforce. Used if file name was not provided. |
--ca-cert-name | name of the certificate in Salesforce tenant to use when uploading new key |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--description | Target description |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
Updating Targets
Updating Targets
update-target-details
update-target-details
Update target details
Parameters
Parameter | Description |
---|---|
-h, --help | display help information |
update-artifactory-target
update-artifactory-target
updates a new artifactory target
Please note: mandatory values for this command: -n, --name
, -b, --base-url
, -a, --artifactory-admin-name
, -p, --artifactory-admin-pwd
Usage
akeyless update-artifactory-target --name <Target name> \
--new-name <New target name>
--base-url <Artifactory REST URL> \
--artifactory-admin-name <Admin name> \
--artifactory-admin-pwd <Admin API Key/Password> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--new-name | New target name |
-b, --base-url | (Mandatory) Artifactory REST URL, must end with artifactory postfix |
-a, --artifactory-admin-name | (Mandatory) Admin name |
-p, --artifactory-admin-pwd | (Mandatory) Admin API Key/Password |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-aws-target
update-aws-target
Updates an existing aws target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-aws-target --name <Target name> \
--new-name <New target name> \
--access-key-id <AWS access key ID> \
--access-key <AWS secret access key> \
--region <AWS rigion (Default = us-east-2)> \
--use-gw-cloud-identity <Use the GWs Cloud IAM> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
--access-key-id | AWS access key ID |
--access-key | AWS secret access key |
--session-token | Required only for temporary security credentials retrieved using STS |
--region[=us-east-2] | AWS region |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-azure-target
update-azure-target
Updates an existing azure target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-azure-target --name <Target name> \
--new-name <New target name> \
--client-id <Azure client/application id> \
--tenant-id <Azure tenant id> \
--client-secret <Azure client secret> \
--use-gw-cloud-identity <Use the GWs Cloud IAM> \
--subscription-id <Azure Subscription Id> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
--client-id | Azure client/application id |
--tenant-id | Azure tenant id |
--client-secret | Azure client secret |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--subscription-id | Azure Subscription Id |
--resource-group-name | The Resource Group name in your Azure Subscription |
--resource-name | The name of the relevant Resource |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-db-target
update-db-target
Update an existing db target
Please note: mandatory values for this command: -n, --name
, -t, --db-type
Usage
akeyless update-db-target --name <Target name> \
--new-name <New target name> \
--db-type <mysql/mssql/postgres/mongodb/snowflake/cassandra/oracle/redshift> \
----user-name <Database user name> \
--host <Database host> \
--pwd <Database password> \
--port <Database port> \
--db-name <Database name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-t, --db-type | (Mandatory) Database type: mysql/mssql/postgres/mongodb/snowflake/cassandra/oracle/redshift |
--new-name | New target name |
--description | Target description |
--user-name | Database user name |
--host | Database host |
--pwd | Database password |
--port | Database port |
--db-name | Database name |
--db-server-certificates | Set of root certificate authorities in base64 encoding used by clients to verify server certificates |
--db-server-name | Server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address |
--snowflake-account | Snowflake account name |
--mongodb-atlas | Flag, set database type to "mongodb" and the flag to "true" to create Mongo Atlas target |
--mongodb-default-auth-db | MongoDB server default authentication database |
--mongodb-uri-options | MongoDB server URI options (e.g. replicaSet=mySet&authSource=authDB) |
--mongodb-atlas-project-id | MongoDB Atlas project ID |
--mongodb-atlas-api-public-key | MongoDB Atlas public key |
--mongodb-atlas-api-private-key | MongoDB Atlas private key |
--ssl[=false] | Enable/Disable SSL [true/false] |
--ssl-certificate | SSL CA certificate in base64 encoding generated from a trusted Certificate Authority (CA) |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-eks-target
update-eks-target
Updates an existing eks target
Please note: mandatory values for this command: -n, --name
, -c, --eks-cluster-name
, -e, --eks-cluster-endpoint
, -r, --eks-cluster-ca-cert
, -i, --eks-access-key-id
, -s, --eks-secret-access-key
Usage
akeyless update-eks-target--name <Target Name> \
--new-name <New target name> \
--eks-cluster-name <EKS cluster Name> \
--eks-cluster-endpoint <EKS Cluster Endpoint> \
--eks-cluster-ca-cert <EKS Cluster Certificate \
--eks-access-key-id <EKS Access ID> \
--eks-secret-access-key <EKS Secret Access Key>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-c, --eks-cluster-name | (Mandatory) EKS cluster name |
-e, --eks-cluster-endpoint | (Mandatory) EKS cluster endpoint (i.e., https:// of the cluster) |
-r, --eks-cluster-ca-cert | (Mandatory) EKS cluster base-64 encoded certificate |
-i, --eks-access-key-id | (Mandatory) EKS access key ID |
-s, --eks-secret-access-key | (Mandatory) EKS secret access key |
-g, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--new-name | New target name |
--description | Target description |
--eks-region[=us-east-2] | EKS region |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-gcp-target
update-gcp-target
Update an existing gcp target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-gcp-target --name <Target Name> \
--new-name <New target name> \
--gcp-key-file-path <Path to file with the base64-encoded service account private key> \
--gcp-key <Base64-encoded service account private key text>
--use-gw-cloud-identity <Use the GWs Cloud IAM> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
--gcp-key-file-path | Path to file with the base64-encoded service account private key |
--gcp-key | Base64-encoded service account private key text |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-gke-target
update-gke-target
Updates an existing gke target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-gke-target --name <Target Name> \
--new-name <New target name> \
--gke-account-email <GKE service account email> \
--gke-cluster-endpoint <GKE cluster endpoint> \
--gke-cluster-ca-cert <GKE Base-64 encoded cluster certificate> \
--gke-account-key-file-path <File path to GKE service account key> \
--gke-account-key <GKE service account key> \
--gke-cluster-name <GKE cluster name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-a, --gke-account-email | GKE service account email |
-e, --gke-cluster-endpoint | GKE cluster endpoint, i.e., cluster URI https://<DNS/IP> |
-c, --gke-cluster-ca-cert | GKE Base-64 encoded cluster certificate |
--gke-account-key-file-path | File path to GKE service account key |
--gke-account-key | GKE service account key |
--gke-cluster-name | GKE cluster name |
--new-name | New target name |
-i, --use-gw-cloud-identity | Use the GW's Cloud IAM |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-k8s-target
update-k8s-target
Updates an existing k8s target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-k8s-target --name <Target Name> \
--new-name <New target name> \
--k8s-cluster-endpoint <K8S Cluster endpoint> \
--k8s-cluster-ca-cert <K8S Cluster certificate> \
--k8s-cluster-token <K8S Cluster authentication token>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
-e, --k8s-cluster-endpoint | (Mandatory) K8S Cluster endpoint. https:// , <DNS / IP> of the cluster |
-c, --k8s-cluster-ca-cert | (Mandatory) K8S Cluster certificate. Base 64 encoded certificate |
-t, --k8s-cluster-token | (Mandatory) K8S Cluster authentication token |
--new-name | New target name |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-rabbitmq-target
update-rabbitmq-target
Update an existing new rabbitmq target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-rabbitmq-target --name <Target Name> \
--new-name <New target name> \
--user <RabbitMQ server user> \
--pwd <RabbitMQ server password> \
--uri <RabbitMQ server URI> \
--key <Key name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
--user | RabbitMQ server user |
--pwd | RabbitMQ server password |
--uri | RabbitMQ server URI |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-ssh-target
update-ssh-target
Update an existing ssh target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-ssh-target --name <Target Name> \
--new-name <New target name> \
--host <SSH host name> \
--port <SSH port (Deafult = 22)> \
--ssh-username <SSH username> \
--ssh-password <SSH password to rotate>\
--private-key-path <SSH private key file path>\
--private-key <SSH private key>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
--host | SSH host name |
--port[=22] | SSH port |
--ssh-username | SSH username |
--ssh-password | SSH password to rotate |
--private-key-path | SSH private key file path |
--private-key | SSH private key |
--private-key-password | SSH private key password |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-target
update-target
Update target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-target --name <Target Name> \
--new-name <New target name>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New Target name |
--description[=default_description] | New target description, if none is given, the existing description will remain |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-web-target
update-web-target
Update an existing web target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-web-target --name <Target Name> \
--new-name <New target name> \
--url <Web target URL>
Parameters
Parameter | Description |
---|---|
-n , --name | (Mandatory) Target name |
--new-name | New target name |
--description | Target description |
-u , --url | Web target URL |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-salesforce-target
update-salesforce-target
Updates the Salesforce target
Please note: mandatory values for this command: -n, --name
, -u, --tenant-url
, -i, --client-id
, -e, --email
, -a, --auth-flow
Usage
akeyless update-salesforce-target --name <Target name> \
--new-name <New target name> \
--tenant-url <URL of the Salesforce tenant> \
--client-id <Client ID of the oauth2 app to use for connecting to Salesforce> \
--email <The email of the user attached to the oauth2 app used for connecting to Salesforce> \
--auth-flow <type of the auth flow ('jwt' / 'user-password')> \
--client-secret <Client secret of the oauth2 app to use for connecting to Salesforce>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--new-name | New target name |
-u, --tenant-url | (Mandatory) Url of the Salesforce tenant |
-i, --client-id | (Mandatory) Client ID of the oauth2 app to use for connecting to Salesforce |
-e, --email | (Mandatory) The email of the user attached to the oauth2 app used for connecting to Salesforce |
-a, --auth-flow | (Mandatory) type of the auth flow ('jwt' / 'user-password') |
-s, --client-secret | Client secret of the oauth2 app to use for connecting to Salesforce (required for password flow) |
-f, --app-private-key-file-name | Name of the of file containing a PEM private key of the connected app (relevant for JWT auth only) |
--app-private-key-data | Base64 encoded PEM of the connected app private key (relevant for JWT auth only) |
-p, --password | The password of the user attached to the oauth2 app used for connecting to Salesforce (required for user-password flow) |
-o, --security-token | The security token of the user attached to the oauth2 app used for connecting to Salesforce (required for user-password flow) |
--ca-cert-file-name | Name of a file containing a PEM certificate to use when uploading new key to Salesforce |
--ca-cert-data | Base64 encoded PEM cert to use when uploading a new key to Salesforce. Used if file name was not provided. |
--ca-cert-name | name of the certificate in Salesforce tenant to use when uploading new key |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-dockerhub-target
update-dockerhub-target
updates an existing dockerhub target
Please note: mandatory values for this command: -n, --name
, --dockerhub-username
, --dockerhub-password
Usage
akeyless update-dockerhub-target --name <Target Name> \
--new-name <New target name>
--dockerhub-username <Username for docker repository> \
--dockerhub-password <Password for docker repository>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--new-name | New target name |
--dockerhub-username | (Mandatory) Username for docker repository |
--dockerhub-password | (Mandatory) Password for docker repository |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-github-target
update-github-target
updates a new github target
Please note: mandatory values for this command: -n, --name
Usage
akeyless update-github-target --name <Target Name> \
--new-name <New target name> \
--github-app-id <Github application id> \
--github-app-private-key <Github application private key> \
--github-base-url <Github base url (Deafult = https://api.github.com>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
--new-name | New target name |
--github-app-id | Github application id |
--github-app-private-key | Github application private key (base64 encoded key) |
--github-base-url[=https://api.github.com/] | Github base url |
--description | Target description |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
update-ldap-target
update-ldap-target
updates a new ldap target
Please note: mandatory values for this command: -n, --name
, -l, --ldap-url
, -b, --bind-dn
, -p, --bind-dn-password
Usage
akeyless update-ldap-target --name <Target Name> \
--new-name <New target name> \
--ldap-url <LDAP Serve URL> \
--bind-dn <LDAP Bind DN> \
--bind-dn-password <Password for LDAP Bind DN> \
--server-type <Set Ldap server type, Options:[OpenLDAP, ActiveDirectory]>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) Target name |
-l, --ldap-url | (Mandatory) LDAP Server URL |
-b, --bind-dn | (Mandatory) LDAP Bind DN |
-p, --bind-dn-password | (Mandatory) Password for LDAP Bind DN |
-s, --server-type | Set Ldap server type, Options:[OpenLDAP, ActiveDirectory] |
--new-name | New target name |
--description | Target description |
-t, --ldap-ca-cert | LDAP base-64 encoded CA Certificate |
--token-expiration | LDAP token expiration in seconds |
-k, --key | Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used |
--update-version | [Deprecated: Use keep-prev-version instead] Whether to create a new version |
--keep-prev-version | Whether to keep previous version, options:[true, false]. If not set, use default according to account settings |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
Updated 6 days ago