The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Encryption Keys

The Akeyless Vault Platform combines the capabilities of an HSM and a KMS to provide enhanced key-life cycle management, including cryptographic key generation, protection, versioning/rotation, and using keys with Encryption-as-a-Service and Digital Signing functions.

Akeyless Vault supports a wide range of encryption keys , including:

  • AES128GCM
  • AES256GCM
  • AES128SIV
  • AES256SIV
  • RSA1024
  • RSA2048

The typical flow for working with Encryption Keys is:

  • Create an Encryption Key: Get started by creating a new Encryption Key.
$ akeyless create-key -n MyAES128GCMKey -a AES128GCM 
=====================
Encryption Key Fragment #0 created successfully in 428ns milliseconds
Encryption Key Fragment #1 created successfully in 429ns milliseconds
=====================
A new AES128GCM key named MyAES128GCMKey was successfully created
$ akeyless create-key -n MyAES256GCMKey -a AES256GCM 
=====================
Encryption Key Fragment #0 created successfully in 428ns milliseconds
Encryption Key Fragment #1 created successfully in 429ns milliseconds
=====================
A new AES256GCM key named MyAES256GCMKey was successfully created
$ akeyless create-key -n MyAES128SIVKey -a AES128SIV 

=====================
Encryption Key Fragment #0 created successfully in 383ns milliseconds
Encryption Key Fragment #1 created successfully in 384ns milliseconds
=====================
A new AES128SIV key named MyAES128SIVKey was successfully created
$ akeyless create-key -n MyAES256SIVKey -a AES256SIV 

=====================
Encryption Key Fragment #0 created successfully in 383ns milliseconds
Encryption Key Fragment #1 created successfully in 384ns milliseconds
=====================
A new AES256SIV key named MyAES256SIVKey was successfully created
$ akeyless create-key -n MyRSAKey -a RSA1024

=====================
Encryption Key Fragment #0 created successfully in 1.273µs milliseconds
Encryption Key Fragment #1 created successfully in 1.274µs milliseconds
=====================
A new RSA1024 key named MyRSAKey was successfully created
$ akeyless create-key -n MyRSAKey -a RSA2048

=====================
Encryption Key Fragment #0 created successfully in 1.273µs milliseconds
Encryption Key Fragment #1 created successfully in 1.274µs milliseconds
=====================
A new RSA2048 key named MyRSAKey was successfully created

📘

Note:

To list all available options for key creation run this command:

akeyless create-key -h
  • Rotate an Encryption Key: When required, rotate an AES Encryption Key to generate another version of the key.
$ akeyless rotate-key -n MyAES256SIVKey
Key MyAES256SIVKey has been rotated successfully, new version: 2
  • Delete an Encryption Key: Delete an obsolete Encryption Key or an obsolete version of an Encryption Key.
$ akeyless delete-item -n MyAES256SIVKey            
Item MyAES256SIVKey set to be deleted on 2021-03-15 09:49:59.165173437 +0000 UTC
$ akeyless delete-item -n MyAES256SIVKey --version=1
Item MyAES256SIVKey version 1 set to be deleted on 2021-03-15 09:49:17.539641769 +0000 UTC
  • Get the public key from your RSA encryption key:
$ akeyless get-rsa-public -n MyRSAKey
- RAW: MIGfMA0GCSqGSI....QDANpBrvTLb0RaEsPbqhaV3m/13T5trDmW1J0M....Dca2/qoT99uLoObUySkRzXqcYl...3LnVRTP2TfgHrB+9PBMFbFa49ioQ3ri9THQIDAQAB
- SSH: ssh-rsa AAAAB3NzaC1yc2EAAAA....haV3m/13T5trDmW1J0MPfhbfX0Xf1BF+....ZL8cJoADca2/qoT99uLoObUySkRzXqcYlS....HqtP3LnVRTP2TfgHrB+9PBMFbFa49ioQ3ri9THQ==

Updated 7 months ago

Encryption Keys


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.