CLI Reference - External Secrets Manager
External Secrets Manager
create-esm
create-esm
Creates a new External Secrets Manager
Usage
akeyless create-esm -n <ESM name> -a <target to associate>
Parameters
Parameter | Description |
---|---|
-n, --name | (Mandatory) External Secrets Manager name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--description | Description of the External Secrets Manager |
-t, --tag | List of the tags attached to this External Secrets Manager. To specify multiple tags use the argument multiple times: -t Tag1 -t Tag2 |
-a, --target-to-associate | (Mandatory) Target External Secrets Manager to connect |
-v, --azure-kv-name | Azure Key Vault name (Relevant only for Azure targets) |
-s, --k8s-namespace | K8s namespace (Relevant to Kubernetes targets) |
--delete-protection | Protection from accidental deletion of this item, [true/false] |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
ESM Sub-Commands
After creating an ESM, you will need to use these sub-commands, prefixed with esm
, to further interact with it.
esm
esm
This command only has one parameter, -h
, and it will display a list of the other esm
commands.
esm list
esm list
Lists the secrets within the External Secrets Manager
Usage
akeyless esm list --name <ESM name>
Parameters
Parameter | Description |
---|---|
-n, --esm-name | (Mandatory) ESM name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
--profile, --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
esm get
esm get
Gets the value and internal details of a secret from an External Secrets Manager
Usage
esm get --esm-name <esm name> --secret-id <Secret name or id>
Parameters
Parameter | Description |
---|---|
-n, --esm-name | (Mandatory) ESM name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
-s, --secret-id | (Mandatory) The secret id (or name, for AWS, Azure or K8s targets) to get from the External Secrets Manager |
--profile , --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
esm create
esm create
Create a new secret in an existing ESM
Usage
esm create --esm-name <esm name> --secret-name <Secret name> --value <secret value>
Parameters
Parameter | Description |
---|---|
-n, --esm-name | (Mandatory) ESM name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
-s, --secret-name | (Mandatory)Name for the new external secret |
-v, --value | (Mandatory)Value of the external secret item, either text or base64 encoded binary |
-b, --binary-value | Use this option if the external secret value is a base64 encoded binary |
--description | Description of the external secret |
--tags | Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2 |
--profile , --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
esm update
esm update
Update an existing secret within the External Secrets Manager
Usage
esm update --esm-name <esm name> --secret-id <Secret name or id> --value <secret value>
Parameters
Parameter | Description |
---|---|
-n, --esm-name | (Mandatory) ESM name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
-s, --secret-id | (Mandatory) The secret id (or name, for AWS, Azure or K8s targets) to get from the External Secrets Manager |
-v, --value | (Mandatory)Value of the external secret item, either text or base64 encoded binary |
-b, --binary-value | Use this option if the external secret value is a base64 encoded binary |
--description | Description of the external secret |
--tags | Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2 |
--profile , --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
esm delete
esm delete
Delete a secret from an External Secrets Manager
Usage
esm delete --esm-name <esm name> --secret-id <Secret name or id>
Parameters
Parameter | Description |
---|---|
-n, --esm-name | (Mandatory) ESM name |
-u, --gateway-url[=http://localhost:8000] | API Gateway URL (Configuration Management port) |
-s, --secret-id | (Mandatory) The secret id (or name, for AWS, Azure or K8s targets) to get from the External Secrets Manager |
--profile , --token | Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token |
--uid-token | The universal identity token, Required only for universal_identity authentication |
-h, --help | Display help information |
--json[=false] | Set output format to JSON |
--jq-expression | JQ expression to filter result output |
--no-creds-cleanup[=false] | Do not clean local temporary expired creds |
Updated 3 months ago