The Akeyless Dev Hub


Role Based Access Control

Akeyless RBAC follows the principle of least privilege: access rights for users and machines are limited to the minimum permissions they need to perform their work.
Akeyless supports several types of auth methods: API key, Okta, SAML, LDAP, Azure AD, OpenID and Universal Identity.

Clients that authenticate with a given auth method are associated with a role. A role can have multiple auth methods and an auth method can have multiple roles, which increases operational flexibility. Each role can hold any number of rules, and each rule sets permissions on a path.

CLI

Create the authentication method and the role that will be associated:

akeyless create-auth-method --name client1
akeyless create-role --name role1

Allow all auth methods associated with the role to access all items under '/path/to/folder/' with read, create and update permissions (the path is quoted so that the shell does not expand the *):

akeyless set-role-rule --role-name role1 --path '/path/to/folder/*' --capability read --capability create --capability update

Deny all auth methods associated with the role access to the item '/path/to/folder/topSecret':

akeyless set-role-rule --role-name role1 --path /path/to/folder/topSecret --capability deny

Associate client1 with role1, so that client1 can access all items under '/path/to/folder/' apart from '/path/to/folder/topSecret':

akeyless assoc-role-am --role-name role1 --am-name client1
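
The rule set built by the CLI steps above, as an added example (not Akeyless code): a small Python model for checking which requests a rule set should permit before it is applied. It assumes that a matching deny rule overrides any allow, that anything unmatched is denied, and that a trailing * covers everything below the folder; the function names, the sample item paths and the 'delete' request are constructed for this sketch.

```python
from fnmatch import fnmatchcase

# Rules for role1, copied from the set-role-rule commands above.
ROLE_RULES = {
    "role1": [
        ("/path/to/folder/*", {"read", "create", "update"}),
        ("/path/to/folder/topSecret", {"deny"}),
    ],
}
# Auth method -> roles, from the assoc-role-am command above.
ASSOCIATIONS = {"client1": ["role1"]}


def is_allowed(auth_method, item_path, capability):
    """Model of the outcome the page describes (assumption, not the
    platform's own logic): deny on a matching path wins, default is deny."""
    granted = False
    for role in ASSOCIATIONS.get(auth_method, []):
        for pattern, capabilities in ROLE_RULES.get(role, []):
            if not fnmatchcase(item_path, pattern):
                continue
            if "deny" in capabilities:
                return False  # an explicit deny overrides every allow
            if capability in capabilities:
                granted = True
    return granted


def unexpected_access(expected):
    """Compare an expected access matrix with the model.

    `expected` maps (auth_method, item_path, capability) -> bool.
    Returns the requests whose modelled result differs from the intent.
    """
    return [req for req, want in expected.items() if is_allowed(*req) != want]


# Constructed intent for client1: least privilege inside the folder only.
INTENDED = {
    ("client1", "/path/to/folder/db-password", "read"): True,
    ("client1", "/path/to/folder/db-password", "update"): True,
    ("client1", "/path/to/folder/db-password", "delete"): False,
    ("client1", "/path/to/folder/topSecret", "read"): False,
    ("client1", "/path/to/other/key", "read"): False,
    ("client2", "/path/to/folder/db-password", "read"): False,
}

if __name__ == "__main__":
    print(unexpected_access(INTENDED) or "rule set matches the intent")
```

Widening a rule in ROLE_RULES (for example, adding read to a broader path) and rerunning shows which previously denied requests would start to succeed.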

UI

Configure the access role "Jenkins environment" with an API-key auth method ("Client1"), setting specific permissions for different paths.

Please note

Sub claims are an additional layer of permissions that is relevant only to SAML, LDAP, OpenID and Okta (the specific list of permissions varies between auth methods).
