CLI Reference - Static Secrets
This section outlines the CLI commands relevant to Static Secrets.
General Flags:
--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token
--uid-token: The universal identity token, Required only for universal_identity authentication
-h, --help: Display help information
--json[=false]: Set output format to JSON
--jq-expression: JQ expression to filter result output
--no-creds-cleanup[=false]: Do not clean local temporary expired creds
create-secret
create-secret
Creates a new static secret item
Usage
akeyless create-secret \
--name <Secret name> \
--value <Secret value> \
--type <generic/password>
Flags
--name: Required, Secret name
--type[=generic]: The secret sub type [generic/password]
--value: Required, The secret value (relevant only for type generic)
-f, --format[=text]: Secret format [text/json / key-value] (relevant only for type 'generic')
--url, --inject-url: Comma separated list of URLs associated with the item (only relevant for type 'password')
-p, --password: The password value (relevant for "password manager" only)
-u, --username: The username value (relevant for "password manager" only)
-c, --custom-field: Additional custom fields to associate with the item, to specify multiple fields repeat the argument: --custom-field fieldName1=value1 -c fieldName2=value2 (only relevant for type 'password')
--accessibility[=regular]: In case of an item in a user's personal folder [regular/personal]
-t, --tag: List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 -t Tag2
-k, --key: The name of a key that used to encrypt the secret value (if empty, the account default protection key will be used)
--multiline: The provided value is a multiline value (separated by '\n')
--max-versions: Set the maximum number of versions, limited by the account settings defaults
--secure-access-enable: Enable/Disable secure remote access, 'true'/'false'
--secure-access-ssh-creds: Static-Secret values contains SSH Credentials, either Private Key or Password [password/private-key]
--secure-access-url: Destination URL to inject secrets
--secure-access-web-browsing[=false]: Secure browser via Akeyless Web Access Bastion
--secure-access-web-proxy[=false]: Web-Proxy via Akeyless Web Access Bastion
--secure-access-bastion-issuer: Path to the SSH Certificate Issuer for your Akeyless Bastion
--secure-access-host: Target servers for connections., For multiple values repeat this flag.
--secure-access-ssh-user: Override the SSH username as indicated in SSH Certificate Issuer
--secure-access-rdp-user: Remote Desktop Username
--description: Secret description
--delete-protection: Protection from accidental deletion of this item, [true/false]
--change-event: Trigger an event when a secret value changed, [True/False]
describe-item
describe-item
Get the item details
Usage
akeyless describe-item \
--name <item-name> \
--display-id <display id of the item> \
--item-id <Item-ID>
Flags
-n, --name: Item name
-d, --display-id: The display id of the item
-I, --item-id: Item id of the item
--show-versions[=false] : Include all item versions in reply
--gateway-details[=false]: Output will include additional gateway details (e.g cluster URL)
--bastion-details[=false]: Output will include additional bastion details
--services-details[=false]: Include all associated services details
--accessibility[=regular]: In case of an item in a user's personal folder [regular/personal]
See Commands for all items and objects and also Updating and versioning static secrets for details.
get-secret-value
get-secret-value
Get static secret value
Usage
akeyless get-secret-value --name <Secret Name>
Flags
--name: Required, Secret name
--version: Secret version, if negative value N is provided (--version=-N) the last N versions will return (maximum 20)
--ignore-cache[=false]: Retrieve the Secret value without checking the Gateway's cache [true/false]. This flag is only relevant when using the RestAPI
--accessibility[=regular]: In case of an item in a user's personal folder [regular/personal]
import-passwords
import-passwords
Import passwords from CSV file
Usage
akeyless import-passwords \
--import-path <Path/to/CSV/Filee> \
--format <source format>
Flags
-p, --import-path: Required, Path to the CSV file that contains passwords to import
--format[=LastPass]: Password format type [lastPass/chrome/firefox,1password,keeper,bitwarden,dashlane]
--accessibility[=personal]: Whether passwords should be imported to the user's personal folder [regular/personal]
--target-folder[=/]: Target folder for imported passwords
-k, --key: The name of a key that is used to encrypt the secret value (if empty, the account default protection key key will be used)
--update-mode[=skip]: Specify how to handle passwords that already exist (skip/update)
list-shared-items
list-shared-items
List shared items in the current account
rollback-secret
rollback-secret
Rollback secret to older version
Usage
akeyless rollback-secret \
--name <Secret Name> \
--old-version <Secret version>
Flags
--name: Required, Secret name
--old-version: Required, Old secret version to rollback to
share-item
share-item
Sharing item operation [start sharing/stop sharing/sharing describe]
Usage
akeyless share-item \
--item-name <Secret Name> \
--action <start/stop/describe> \
--email <Email list>
Flags
-n, --item-name: Required, The secret name (supported types: static secret)
-a, --action: Required, The action to perform [start/stop/describe]
-e, --email: List of emails to start/stop sharing the secret with, To specify multiple emails use argument multiple times: -e email1 -e email2
-t, --ttl: Availability of the shared secret in seconds
-v, --view-once[=false]: Shared secrets can only be viewed once [true/false]
--accessibility[=regular]: In case of an item in a user's personal folder [regular/personal]
update-secret-val
update-secret-val
Update static secret value
Usage
akeyless update-secret-val \
--name <Secret Name> \
--value <secret value>
Flags
--name: Required, Secret name
--value: Required, The updated secret value
--url, --inject-url: List of the URL associated with the item (relevant for "password manager" only)
-p, --password: The password value (relevant for "password manager" only)
-u, --username: The username value (relevant for "password manager" only)
-c, --custom-field: Additional custom fields to associate with the item, to specify multiple fields repeat the argument: --custom-field fieldName1=value1 -c fieldName2=value2 (only relevant for type 'password')
-k, --key: The name of a key that used to encrypt the secret value (if empty, the account default protectionKey key will be used)
--multiline: The provided value is a multiline value (separated by '\n')
--last-version: The last version number before the update
--new-version: [Deprecated: Use keep-prev-version instead] Whether to create a new version
--keep-prev-version: Whether to keep previous version, options:[true, false]. If not set, use default according to account settings
--accessibility[=regular]: In case of an item in a user's personal folder [regular/personal]
For other data, such as description or tags, use update-item as described in Commands for all items and objects.
Updated 8 days ago