When you create a static secret, you need to name it and provide the secret value. All secret values are encrypted using patented Akeyless Distributed Fragment Cryptography™ (DFC) technology.

Create a Static Secret from the Akeyless CLI

Let’s create a static secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

The CLI command to create a static secret is:

$  akeyless create-secret --name <secret name> --value <secret value>
A new secret named <secret name> was successfully created

where:

• name: A unique name for the secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. The name cannot include special characters, except for a hyphen -, dot . , or underscore _.
• value: The value of the secret. The value length should be 16KB.

For example, to create a secret in the Admin folder called AdminCredentials with the value Admin101!, type:

$ akeyless create-secret --name /Admin/AdminCredentials --value Admin101!
A new secret named /Admin/AdminCredentials was successfully created

Options

The full list of options for this command is:

-n, --name                      *Secret name
  -v, --value                     *The secret value
  -m, --metadata                   Metadata about the secret
  -t, --tag                        List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
  -k, --key                        The name of a key that used to encrypt the secret value (if empty, the account default protectionKey key will be used)
      --multiline                  The provided value is a multiline value (separated by '
')
      --profile                    Use a specific profile from your akeyless/profiles/ folder
      --username                   Optional username for various authentication flows
      --password                   Optional password for various authentication flows
      --uid-token                  The universal identity token, Required only for universal_identity authentication
  -h, --help                       display help information
      --json[=false]               Set output format to JSON
      --no-creds-cleanup[=false]   Do not clean local temporary expired creds

👍

For details about these options, see the CLI Command Reference.

Next, assign the static secret to an access role that defines who can access the secret value, and with what permissions. For details, see Add a Static Secret to an Access Role.

Create a Static Secret from the Akeyless Console

Let’s create a static secret using the Akeyless Console. If you’d prefer, see how to do this from the Akeyless CLI instead.

1. Log in to the Akeyless Console and go to Secrets & Keys > New > Static Secret.

2. Define a Name for the secret, and optionally specify the Location as a path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret. The name cannot include special characters, except for a hyphen -, dot . , or underscore _.

3. Define the remaining parameters as follows:

   • Description: Optional, enter a description of the secret.
   • Tags: Optional, select one or more tags for the secret, or enter the name of a new tag to be added as part of the secret creation.
   • Encrypt secret with the following key: Select the encryption key with which to encrypt the dynamic secret (if your system includes multiple encryption keys). Otherwise, select Default.
   • Value: Enter the value of the secret. The value length should be 16KB.

4. Select Save.