Sharing Static Secrets
You can securely share copies of static secret item types you’ve saved in Akeyless with anyone, even if they don’t use Akeyless or are part of your organization based on a well-defined TTL.
When you share an item, you’ll get a unique link that you need to share with those users. Choose when the link expires and who are the specific users that will be able to access it.
For security purposes, only the users you've specified their email will be able to access the item using this link
Sharing Static Secret Items from the Akeyless Console
Log in to the Akeyless Console, and go to Secrets & Keys > Choose the relevant Static Secret.
Click on the item menu on the upper right and click Share.
Choose when the link expires and who to share it with. If you choose to share the item with only some people, enter each email address and press Return or Enter
Click Copy, then send the link to the person or people you want to share the item with, like in an email or text message. After they verify their email address, they’ll have access to the item
To view a shared item, click or tap the link you were sent to open it in your browser. After you’ve verified your email address, you can view and copy the item or other item details that were shared with you until the link expires.
Sharing Static Secret Items from the Akeyless CLI
To share an item in the CLI, or to view the previous shares of the item, use the following command:
akeyless share-item -n <item name> -a <action to perform> -e <email address>
-n, --item-name: The name of the item to examine, this parameter is mandatory
-a, --action: The action to perform on the item, you may choose
shareto share an item,
stopto stop sharing an item, or
describeto see with what addresses it was already shared, this parameter is mandatory.
-e, --email: List of emails to start/stop sharing the secret with, To specify multiple emails use argument multiple times (
-e email1 -e email2etc.). This parameter is mandatory for
Managing Shared Items
Once an item has been shared, a full auditing activity is logged into Akeyless audit logs, to remove a user from an item, Admins or the item owners can remove those users from the sharing list.
Navigate to the shared item, and remove the relevant email address from the Recipient email address list.
Admins can easily find new temporary Access Roles for those users who received temporary access. Simply delete those temporary Access Roles to revoke the share.
Updated 2 months ago