You can associate a classic key with a target (cloud KMS) when you create the key, or add this association at any time. When you associate a classic key with a target, you share the key with the cloud KMS, from where it can be used in the same way as any key created by the cloud provider. Akeyless remains responsible for managing the key lifecycle by providing secure storage, as well as full role-based access control, recording of key activities, and logging.
The CLI command to associate a classic key with a target is:
assoc-target-item --target-name <target-name> --name <classic key name>
- target-name: The name of the target you want to associate with the classic key.
- name: The name of the classic key you want to share with the specified target.
The full list of options for this command is:
assoc-target-item -t, --target-name *The target to associate -n, --name *The item to associate --profile Use a specific profile from your akeyless/profiles/ folder --username Optional username for various authentication flows --password Optional password for various authentication flows --uid-token The universal identity token, Required only for universal_identity authentication -h, --help display help information --json[=false] Set output format to JSON --no-creds-cleanup[=false] Do not clean local temporary expired creds
When you associate a classic key with a cloud KMS, you will find a new customer-managed key on the cloud KMS. The key alias is built as
managed-by-<account-id>-<item-id>, as shown in the following example:
Updated 12 months ago