Create an LDAP Rotated Secret
You can create a rotated secret for an LDAP user. Before you get started, make sure you have created an LDAP Target that includes the LDAP server information, as well as credentials for a user authorized to change the LDAP user's credentials.
Create an LDAP Rotated Secret from the CLI
Let’s create an LDAP rotated secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Gateway UI instead.
The CLI command to create an LDAP rotated secret is:

```shell
akeyless create-rotated-secret --name <secret name> \
--target-name <LDAP target name to associate> \
--rotator-type ldap \
--rotated-username <username> \
--user-dn <Base DN to perform user search> \
--auto-rotate <true|false> \
--rotation-interval <1-365> \
--rotation-hour <hour in UTC>
```
where:
- name: A unique name for the rotated secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash (`/`) separators. If the folder does not exist, it will be created together with the secret.
- target-name: The name of the LDAP target with which the rotated secret should be associated.
- rotator-type: Should be set to `ldap`.
- rotated-username: The username whose password will be rotated.
- user-dn: The Base DN under which to search for the user.
- auto-rotate: Optional; only required when the rotated secret should update the credentials automatically. If set to `true`, specify the rotation-interval in days (1-365), and optionally also the rotation-hour (in UTC).
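As an added example that is not part of the Akeyless documentation, the following POSIX shell wrapper assembles the command above and enforces the constraints it documents before invoking the CLI: the interval must be a whole number of days from 1 to 365, and the rotation hour is an hour of the day in UTC that only applies when auto-rotate is on. `AKEYLESS_BIN` is an assumption introduced here so the call can be dry-run by pointing it at `echo`; the flag names are those of the command above.

```shell
#!/bin/sh
# Added example, not Akeyless's own code: validate inputs, then call
# `akeyless create-rotated-secret --rotator-type ldap` with the documented flags.
# AKEYLESS_BIN is an assumption introduced here; set it to `echo` for a dry run.
AKEYLESS_BIN="${AKEYLESS_BIN:-akeyless}"

# Usage: create_ldap_rotated_secret NAME TARGET USERNAME USER_DN [INTERVAL_DAYS [HOUR_UTC]]
# Without INTERVAL_DAYS the secret is created with --auto-rotate false.
create_ldap_rotated_secret() {
  name=$1 target=$2 user=$3 user_dn=$4 interval=${5:-} hour=${6:-}
  if [ -z "$name" ] || [ -z "$target" ] || [ -z "$user" ] || [ -z "$user_dn" ]; then
    echo "name, target name, username and user DN are required" >&2; return 2
  fi
  auto_rotate=false
  if [ -n "$interval" ]; then
    # --rotation-interval is a whole number of days in the range 1-365.
    case $interval in *[!0-9]*) echo "interval must be an integer" >&2; return 2;; esac
    if [ "$interval" -lt 1 ] || [ "$interval" -gt 365 ]; then
      echo "rotation interval must be 1-365 days" >&2; return 2
    fi
    auto_rotate=true
  fi
  if [ -n "$hour" ]; then
    # --rotation-hour is an hour of the day in UTC and only applies with auto-rotate.
    if [ "$auto_rotate" != true ]; then
      echo "rotation hour requires a rotation interval" >&2; return 2
    fi
    case $hour in *[!0-9]*) echo "hour must be an integer" >&2; return 2;; esac
    if [ "$hour" -gt 23 ]; then echo "rotation hour must be 0-23 (UTC)" >&2; return 2; fi
  fi
  # Build the argument list; quoting keeps DNs that contain spaces intact.
  set -- --name "$name" --target-name "$target" --rotator-type ldap \
    --rotated-username "$user" --user-dn "$user_dn" --auto-rotate "$auto_rotate"
  if [ "$auto_rotate" = true ]; then
    set -- "$@" --rotation-interval "$interval"
    if [ -n "$hour" ]; then set -- "$@" --rotation-hour "$hour"; fi
  fi
  "$AKEYLESS_BIN" create-rotated-secret "$@"
}
```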
Create an LDAP Rotated Secret from the Akeyless Gateway UI
Let’s create an LDAP rotated secret using the Akeyless Gateway UI. If you’d prefer, see how to do this from the Akeyless CLI instead.
1. Log in to the Akeyless Gateway, and select Rotated Secret > New > Create new rotated secret.
2. Give the rotated secret a name, and define where it should be saved.
3. Define the rest of the rotated secret settings as follows:

| Field | Description |
|---|---|
| Authenticate with the following credentials | Determines how to connect to the associated target. |
| Rotation interval (in days) | Defines the number of days (1-365) to wait between automatic password rotations when Auto Rotate is enabled. |
| Rotation hour (local time zone) | Defines the time of day at which the password is rotated when Auto Rotate is enabled. |
| Auto rotate | Determines whether automatic rotation is enabled. |
| Target | Defines the name of the LDAP target to be associated with the secret. |
| Rotator type | Determines the rotator type. |
| Encrypt with the following Key | To enable Zero-Knowledge, select a key with a Customer Fragment. For more information about Zero-Knowledge, see Implement Zero Knowledge. |
| Username | The username whose password will be rotated. |
| User Base DN | LDAP Base DN settings. |
| LDAP User Attribute | Optional. Defaults to CN. |