CLI Reference - Universal Secrets Connector

The External Secrets Manager has been renamed Universal Secrets Connector. All esm commands will still work as expected.

Universal Secrets Connector

This section outlines the CLI commands relevant to Universal Secrets Connector.

General Flags:

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

create-usc

Creates a new Universal Secrets Connector

Usage
akeyless create-usc \
--name <USC name> \
--target-to-associate <target to associate>
Flags

-n, --name: Required, Universal Secrets Connector name

-a, --target-to-associate: Required, Target Universal Secrets Connector to connect

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--description: Description of the Universal Secrets Connector

-t, --tag: List of the tags attached to this Universal Secrets Connector. To specify multiple tags use the argument multiple times: -t Tag1 -t Tag2

-v, --azure-kv-name: Azure Key Vault name (Relevant only for Azure targets)

-s, --k8s-namespace: K8s namespace (Relevant to Kubernetes targets)

--delete-protection: Protection from accidental deletion of this item, [true/false]

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

USC Sub-Commands

After creating a USC, you will need to use these sub-commands, prefixed with usc, to further interact with it.

usc

This command only has one parameter, -h, and it will display a list of the other usc commands.

usc list

Lists the secrets within the Universal Secrets Connector

Usage
akeyless usc list --usc-name <USC name>
Flags

-n, --usc-name: Required, USC name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

usc get

Gets the value and internal details of a secret from a Universal Secrets Connector

Usage
akeyless usc get \
--usc-name <usc name> \
--secret-id <Secret name or id>
Flags

-n, --usc-name: Required, USC name

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to get from the Universal Secrets Connector

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

usc create

Create a new secret in an existing USC

Usage
akeyless usc create \
--usc-name <usc name> \
--secret-name <Secret name> \
--value <secret value>
Flags

-n, --usc-name: Required, USC name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-s, --secret-name: Required, Name for the new external secret

-v, --value: Required, Value of the external secret item, either text or base64 encoded binary

-b, --binary-value: Use this option if the external secret value is a base64 encoded binary

--description: Description of the external secret

--tags: Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2

usc update

Update an existing secret within the Universal Secrets Connector

Usage
akeyless usc update \
--usc-name <usc name> \
--secret-id <Secret name or id> \
--value <secret value>
Flags

-n, --usc-name: Required, USC name

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to update in the Universal Secrets Connector

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-v, --value: Required, Value of the external secret item, either text or base64 encoded binary

-b, --binary-value: Use this option if the external secret value is a base64 encoded binary

--description: Description of the external secret

--tags: Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2
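
An added example (not from the Akeyless documentation): a POSIX shell wrapper, with the hypothetical name usc_put_file, that loads a secret from a file instead of typing it on the command line, so the value stays out of shell history. It uses --secret-name for usc create and --secret-id for usc update as listed above, and assumes --binary-value is a plain switch, as its description suggests.

```shell
#!/bin/sh
# Added example. usc_put_file and its argument order are illustrative,
# not part of the akeyless CLI.
#
# usc_put_file ACTION USC_NAME SECRET FILE [KIND]
#   ACTION: create | update
#   KIND:   text (default) | binary
usc_put_file() {
    action=$1 usc=$2 secret=$3 file=$4 kind=${5:-text}

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # usc create names the secret with --secret-name,
    # usc update addresses it with --secret-id.
    case $action in
        create) id_flag=--secret-name ;;
        update) id_flag=--secret-id ;;
        *) echo "action must be create or update" >&2; return 2 ;;
    esac

    case $kind in
        text)
            # Command substitution drops trailing newlines from the file.
            value=$(cat "$file")
            akeyless usc "$action" --usc-name "$usc" "$id_flag" "$secret" \
                --value "$value"
            ;;
        binary)
            # Single-line base64; tr removes the line wrapping some
            # base64 implementations add. Assumes --binary-value is a switch.
            value=$(base64 < "$file" | tr -d '\n')
            akeyless usc "$action" --usc-name "$usc" "$id_flag" "$secret" \
                --value "$value" --binary-value
            ;;
        *) echo "kind must be text or binary" >&2; return 2 ;;
    esac
}
```
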

usc delete

Delete a secret from a Universal Secrets Connector

Usage
akeyless usc delete \
--usc-name <usc name> \
--secret-id <Secret name or id>
Flags

-n, --usc-name: Required, USC name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to delete from the Universal Secrets Connector