The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Dynamic Secrets

Configuring Dynamic Secrets with Hashicorp Vault Proxy

Prerequsites

Create dynamic secret producer according to the documentation here.

Configuring Hashicorp Vault Proxy

  1. Set akeyless-vault url in: VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
  1. Now, you'll need to configure the authentication token that would be used by Vault CLI to fetch secrets from Akeyless Vault.
    Set your Akeyless token in ~/.vault-token
    Supported tokens:
    (a) Permanent token in the following structure: Access-ID+”..”+Access-Key, in example:
p-XXXXX..XXXXXXXXXXX

(b) Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here.

Get dynamic secret with Vault CLI

vault read {producer-type}/creds/{full/path/to/producer-name}

Supported producer types:

"*"
"db"           
"mysql"
"mssql"
"mongodb"
"rdp"
"rabbitmq"
"chef"
"aws"

Example:

vault read */creds/prod/ds-db1
vault read db/creds/prod/ds-db1
vault read mysql/creds/prod/ds-db1

Key                Value
---                -----
lease_id           */creds/prod/ds-db1/vTyDFRr5m01gVaNBYsokIRop
lease_duration     768h
lease_renewable    true
password           of6B6IY/~+i$$Z80
username           tmp.rnnds.hOKbRAqI5j

vault read */creds/my-aws-producer
vault read aws/creds/my-aws-producer

Key                  Value
---                  -----
lease_id             */creds/my-aws-producer/25F5E8gupyoi2dQIynoM9nff
lease_duration       768h
lease_renewable      true
access_key_id        AKIA6IR7NIGBGGDIWW7I
secret_access_key    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
username             tmp.JJRXoSsvDuj1Dp

Updated 3 months ago

Dynamic Secrets


Configuring Dynamic Secrets with Hashicorp Vault Proxy

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.