CLI Reference - Universal Secrets Connector

The External Secrets Manager has been renamed Universal Secrets Connector. All esm commands will still work as expected.

Universal Secrets Connector

This section outlines the CLI commands relevant to Universal Secrets Connector.

General Flags:

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

create-usc

Creates a new Universal Secrets Connector

Usage
akeyless create-usc \
--name <USC name> \
--target-to-associate <target to associate>
Flags

-n, --name: Required, Universal Secrets Connector name

-a, --target-to-associate :Required, Target Universal Secrets Connector to connect

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--description :Description of the Universal Secrets Connector

-t, --tag: List of the tags attached to this Universal Secrets Connector. To specify multiple tags use the argument multiple times: -t Tag1 -t Tag2

-v, --azure-kv-name: Azure Key Vault name (Relevant only for Azure targets)

-s, --k8s-namespace: K8s namespace (Relevant to Kubernetes targets)

--delete-protection: Protection from accidental deletion of this item, [true/false]

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

USC Sub-Commands

After creating a USC, you will need to use these sub-commands, prefixed with usc, to further interact with it.

usc

This command only has one parameter, -h, and it will display a list of the other usc commands.

create

Create a new secret in an existing USC

Usage
usc create \
--usc-name <usc name> \
--secret-name <Secret name> \
--value <secret value>
Flags

-n, --usc-name:Required, USC name

-u, --gateway-url[=http://localhost:8000]:API Gateway URL (Configuration Management port)

-s, --secret-name:Required,Name for the new external secret

-v, --value:Required,Value of the external secret item, either text or base64 encoded binary

-b, --binary-value:Use this option if the external secret value is a base64 encoded binary

--description:Description of the external secret

--tags:Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2

delete

Delete a secret from an Universal Secrets Connector

Usage
usc delete \
--usc-name <usc name> \
--secret-id <Secret name or id>
Flags

-n, --usc-name: Required, USC name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to get from the Universal Secrets Connector

get

Gets the value and internal details of a secret from an Universal Secrets Connector

Usage
usc get \
--usc-name <usc name> \
--secret-id <Secret name or id>
Flags

Parameter Description

-n, --usc-name: Required, USC name

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to get from the Universal Secrets Connector

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token:The universal identity token, Required only for universal_identity authentication

-h, --help:Display help information

--json[=false]:Set output format to JSON

--jq-expression:JQ expression to filter result output

--no-creds-cleanup[=false]:Do not clean local temporary expired creds

list

Lists the secrets within the Universal Secrets Connector

Usage
akeyless usc list --usc-name <USC name>
Flags

-n, --usc-name: Required, USC name

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

--profile, --token: Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token

--uid-token: The universal identity token, Required only for universal_identity authentication

-h, --help: Display help information

--json[=false]: Set output format to JSON

--jq-expression: JQ expression to filter result output

--no-creds-cleanup[=false]: Do not clean local temporary expired creds

update

Update an existing secret within the Universal Secrets Connector

Usage
usc update \
--usc-name <usc name> \
--secret-id <Secret name or id> \
--value <secret value>
Flags

-n, --usc-name: Required, USC name

-s, --secret-id: Required, The secret id (or name, for AWS, Azure or K8s targets) to get from the Universal Secrets Connector

-u, --gateway-url[=http://localhost:8000]: API Gateway URL (Configuration Management port)

-v, --value: Required,Value of the external secret item, either text or base64 encoded binary

-b, --binary-value: Use this option if the external secret value is a base64 encoded binary

--description: Description of the external secret

--tags: Tags for the external secret. Should be provided as --tags tag1=value1 --tags tag2=value2