CLI Reference - Gateway
This section outlines the CLI commands relevant to the Gateway.
General Flags:
--profile, --token
: Use a specific profile (located at $HOME/.akeyless/profiles
) or a temp access token
--uid-token
: The universal identity token, Required only for universal_identity authentication
-h, --help
: Display help information
--json[=false]
: Set output format to JSON
--jq-expression
: JQ expression to filter result output
--no-creds-cleanup[=false]
: Do not clean local temporary expired creds
Access Permissions
Commands for managing the access of users to your Gateway.
add-gw-access-id
add-gw-access-id
Grants Gateway access to users
Usage
akeyless add-gw-access-id \
--cluster-name <Cluster Name> \
--access-id <AccessID> \
--sub-claims <group=admins>
Flags
-c, --cluster-name
: Required, The name of the updated cluster
-a, --access-id
: Required, The Access ID
to be able to access the gateway
-s, --sub-claims
: key/val
of sub-claims, e.g group=admins,developers
create-allowed-access
create-allowed-access
Add users that will have permission to manage the Gateway
Usage
akeyless gateway-create-allowed-access \
--name <Allowed Access Name> \
--access-id <Access-ID> \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--description <Allowed Access description> \
--sub-claims <key/val of sub claims> \
--permissions <permissions for this allowed access>
Flags
-n, --name
: Required, Allowed access name
--access-id
: Required, The Access ID
to be attached to this allowed access
--description
: Allowed access description
-s, --sub-claims
: key/val
of sub-claims, e.g group=admins,developers
-p, --permissions
: Comma-separated list of permissions for this allowed access. Available permissions: [defaults
,targets
,classic_keys
,automatic_migration
,ldap_auth
,dynamic_secret
,k8s_auth
,log_forwarding
,zero_knowledge_encryption
,rotated_secret
,caching,event_forwarding
,admin
,kmip
,general
]
-c, --case-sensitive[=true]
: Treat sub-claims as case-sensitive
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
update-allowed-access
update-allowed-access
Set users that will have permission to manage the Gateway
Usage
akeyless gateway-update-allowed-access \
--name <Allowed Access Name> \
--access-id <Access-ID> \
--new-name <New allowed access name> \
--gateway-url <API Gateway URL:8000> \
--description <Allowed Access description> \
--sub-claims <key/val of sub claims> \
--permissions <permissions for this allowed access>
Flags
-n, --name
: Required, Allowed access name
--access-id
: Required, The Access ID
to be attached to this allowed access
--new-name
: New allowed access name
--description
: Allowed access description
-s, --sub-claims
: key/val
of sub claims, e.g group=admins,developers
-p, --permissions
: Comma-seperated list of permissions for this allowed access. Available permissions: [defaults
,targets
,classic_keys
,automatic_migration
,ldap_auth
,dynamic_secret
,k8s_auth
,log_forwarding
,zero_knowledge_encryption
,rotated_secret
,caching
,event_forwarding
,admin
,kmip
,general
]
-c, --case-sensitive[=true]
: Treat sub claims as case-sensitive
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
delete-gw-access-id
delete-gw-access-id
Denials Gateway access to users
Usage
akeyless delete-gw-access-id \
--cluster-name <Cluster Name> \
--access-id <Access ID>
Flags
-c, --cluster-name
: Required, The name of the updated cluster
-a, --access-id
: Required, The Access ID
to be able to access the gateway
Gateway Configuration
delete-gateway-cluster
delete-gateway-cluster
Deletes a gateway in the account
Usage
akeyless delete-gateway-cluster \
--cluster-name <Cluster Name> \
--force < true / flase>
Flags
-c, --cluster-name
: Required, Gateway Cluster, e.g. acc-abcd12345678/p-123456789012/defaultCluster
--force
: Deletes cluster even if there is an active gateway or associated secrets. All Gateway secrets will be deleted
get-config
get-config
Gets gateway configuration details
Usage
akeyless gateway-get-config \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
update-tls-cert
update-tls-cert
Updates TLS certificate in the Gateway
akeyless gateway-update-tls-cert \
--cert-data <TLS Certificate> \
--cert-file-name <Path/To/Certificate> \
--key-data <TLS Private Key> \
--key-file-name <Path/To/Key> \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
Flags
--cert-data
: TLS Certificate (base64 encoded), this flag is ignored if --cert-file-name
is supplied
--cert-file-name
: Path to the file containing the TLS Certificate, this flag is ignored if --cert-data
is supplied
--key-data
: TLS Private Key (base64 encoded), this flag is ignored if --key-file-name
is supplied
--key-file-name
: Path to the file containing the TLS Private Key, this flag is ignored if --key-data
is supplied
-u, --gateway-url[=http://localhost:8000]
: API Gateway URL (Configuration Management port)
get
get
akeyless gateway get
Command to get specified gateway configuration
Flags
cache
defaults
cache
cache
Get cache settings
Usage
akeyless gateway get cache \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
defaults
defaults
Get defaults settings
Usage
akeyless gateway get defaults \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
list
list
akeyless gateway list customer-fragments
Command to list the Customer Fragments on the Gateway
Usage
akeyless gateway list customer-fragments \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
update
update
akeyless gateway update
Command to update specified gateway configuration
Flags
cache
defaults
cache
cache
Updates cache settings
Usage
akeyless gateway update cache \
--enable-cache [true/false] \
--stale-timeout[=60] <Stale timeout in minutes> \
--enable-proactive [true/false] \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
Flags
--enable-cache
: Enable cache [true
/false
]
--stale-timeout[=60]
: Stale timeout in minutes, cache entries which are not accessed within timeout will be removed from cache
--enable-proactive
: Enable proactive caching [true
/false
]
--minimum-fetch-interval[=5]
: When using Cache or/and Proactive Cache, additional secrets will be fetched upon requesting a secret, based on the requestor's access policy. Define minimum fetching interval to avoid over fetching in a given time frame
--backup-interval[=1]
: Secure backup interval in minutes. To ensure service continuity in case of power cycle and network outage secrets will be backed up periodically per backup interval
-u, --gateway-url
: Gateway URL (Configuration Management port)
defaults
defaults
Updates defaults settings
Usage
akeyless gateway update defaults \
--saml-access-id[=use-existing] <saml-AccessID> \
--oidc-access-id[=use-existing] <oidc-AccessID> \
--cert-access-id[=use-existing] <cert-AccessID> \
--key[=Default] <gw encryption key> \
--event-on-status-change [true/false]
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
Flags
--saml-access-id[=use-existing]
: Default SAML access-id for UI login
--oidc-access-id[=use-existing]
: Default OIDC access-id for UI login
--cert-access-id[=use-existing]
: Default Certificate access-id for UI login
--key[=Default]
: The name of the gateway default encryption key
--event-on-status-change
: Trigger an event when Gateway status is changed [true
/false
]
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
Updated 4 months ago