Kubernetes Universal Secrets Connector
This page discusses the creation of Kubernetes Universal Secrets Connectors. If you wish to create a Universal Secrets Connector for a different cloud service, please go to the matching doc, as they have varying parameters.
Working With Universal Secrets Connector from the Console
This section will discuss the different commands necessary to handle USCs. While the initial creation command is a regular Akeyless command, management of USCs is done through a set of sub-commands, that all have the prefix usc
added to them, as will be shown later in this section. If the prefix is not added to these sub-commands, they will not work.
Creating a USC
To create a USC, use the following command:
akeyless create-usc --name <name> --target-to-associate <target name> --k8s-namespace <kubernerets namespace>
The main parameters are:
-
name
: Name for the Universal Secrets Connector. You may specify the location by adding a path to the virtual folder where you want to create the new Universal Secrets Connector, using slash/
separators. If the folder does not exist, it will be created along with the Universal Secrets Connector. -
target-to-associate
: An existing Target that points to your desired endpoint. -
k8s-namespace
: Kubernetes namespace
Additional parameters can be found in the CLI Reference.
Listing USC Secrets
To list the secrets saved on your USC, use the following command:
akeyless usc list -n <usc name>
The output should look as follows:
{
"secrets_list": [
{
"secret_id": "<secret id>",
"name": "<secret name>",
"created": "<timestamp>",
"type": "<type>",
"status": <activity status, true/false>
}
]
}
Fetching a Secret from the USC
To view a secret from your USC, use the following command:
akeyless usc get --usc-name <usc name> --secret-id <secret id or name>
The main parameters are:
-
usc-name
: Name of the Universal Secrets Connector. -
secret-id
: The name or ID of the secret you would like to fetch.
Additional parameters can be found in the CLI Reference.
The output should look as follows:
{
"value": "<base64 encoded value>",
"metadata": {
"created": "<timestamp>",
"updated": "<timestamp>"
}
}
Adding a New Secret to a USC
To create a new secret in your USC, use the following command:
akeyless usc create --usc-name <usc name> --secret-id <secret id or name> --value <secret value>
The main parameters are:
-
usc-name
: Name of the Universal Secrets Connector. -
secret-name
: The name of the secret you would like to create. -
value
: The value of the secret you would like to create, plaintext or base64 encoded.
Additional parameters can be found in the CLI Reference.
Updating an Existing USC secret
To update an existing secret in your USC, use the following command:
akelyess usc update --usc-name <usc name> --secret-id <secret id or name> --value <new secret value>
Additional parameters can be found in the CLI Reference.
Deleting an Existing USC secret
To delete an existing secret in your USC, use the following command:
akelyess usc delete --usc-name <usc name> --secret-id <secret id or name>
Additional parameters can be found in the CLI Reference.
Creating an Universal Secrets Connector from the Console
-
Log in to the Akeyless Console, and go to Items > New > Universal Secrets Connector.
-
Select the Kubernetes secret type and click Next.
-
Define a Name of the Universal Secrets Connector, and specify the Location as a path to the virtual folder where you want to create the new Universal Secrets Connector, using slash
/
separators. If the folder does not exist, it will be created along with the Universal Secrets Connector. -
Define the remaining settings as follows:
-
Description: Optional, enter a description of the Universal Secrets Connector.
-
Tags: Optional, select one or more tags for the Universal Secrets Connector, or enter the name of a new tag to be added as part of the creation process.
-
Delete Protection: Optional, turn on this setting to protect the item from deletion
-
Target: Select an existing K8s Target.
-
Gateway: Select the desired corresponding Gateway.
-
Namespace: Kubernetes namespace.
- Click Finish.
Kubernetes Universal Secrets Connectors
Once connected to a Target, you will be able to access the Universal Secrets Connector in your Akeyless console page, which will allow you to manage your Universal Secrets, as well as display the following information about the secret:
-
Name: Secret name
-
Type: Secret type
-
Age: Secret age displayed in seconds (S), minutes (M), hours (H), or days (D)
More information and secret value can be viewed by selecting a specific secret, additionally, you will have the option to perform actions on the secret.
Updated 5 months ago