A target is an endpoint for a secret, such as a database or a server. You can configure multiple secrets for the same endpoint, for example, to provide different teams in your organization with access to the target, with different permissions.

Akeyless currently supports SSH machine and AWS targets.

Targets are supported from Akeyless Gateway 2.12.0 and Akeyless CLI 1.40.0. Ensure that your access role has the appropriate permissions to create targets.

Create SSH Target from the CLI

Let’s create a target using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Gateway UI instead.

The CLI command to create an SSH target is:

akeyless create-ssh-target \
--name <target name> \
--host <target hostname, like IP> \
--port <port, default 22> \
--ssh-username <SSH username> \
--ssh-password <SSH password>

Options

  -n, --name                      *Target name
      --comment                    Comment about the target
      --host                       SSH host name
      --port[=22]                  SSH port
      --ssh-username               SSH username
      --ssh-password               SSH password to rotate
      --private-key-path           SSH private key file path
      --private-key                SSH private key
      --private-key-password       SSH private key password
  -k, --key                        Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
      --profile                    Use a specific profile from your akeyless/profiles/ folder
      --username                   Optional username for various authentication flows
      --password                   Optional password for various authentication flows
      --uid-token                  The universal identity token, Required only for universal_identity authentication
  -h, --help                       display help information
      --json[=false]               Set output format to JSON
      --no-creds-cleanup[=false]   Do not clean local temporary expired creds

Create a Target from the Akeyless Gateway

Now let’s create a target from the Akeyless Gateway. If you’d prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Gateway, and select Target > New > SSH Target.

  2. Give the target a name, and define where it should be saved.

  3. Define the rest of the target settings as follows:

| Field | Description |
| --- | --- |
| Hostname | Defines the SSH host name, such as an IP address. |
| Port | Defines the SSH port, by default 22. |
| Username | Defines the SSH username for connecting to the target. |
| Authentication Type | Determines the authentication type, either SSH Key or Password. |
| Password | Defines the SSH password. This is only required if the Authentication Type is Password. |
| Private Key | Defines the SSH key. This is only required if the Authentication Type is SSH Key. |
| Private Key Passphrase | Defines the SSH key password. This is only required if the Authentication Type is SSH Key. |
| Encrypt target with the following Key | To enable Zero-Knowledge, select a key with a Customer Fragment. For more information about Zero-Knowledge, see Implement Zero Knowledge. |

Target CLI Commands

  assoc-target-item                                Create an association between target and item
  create-aws-target                                Creates a new aws target
  create-azure-target                              Creates a new azure target
  create-db-target                                 Creates a new db target
  create-eks-target                                Creates a new eks target
  create-gcp-target                                Creates a new gcp target
  create-gke-target                                Creates a new gke target
  create-k8s-target                                Creates a new K8S target
  create-rabbitmq-target                           Creates a new rabbitmq target
  create-ssh-target                                Creates a new ssh target
  create-web-target                                Creates a new web target
  create-ldap-target                               Creates a new LDAP target
  delete-assoc-target-item                         Delete an association between target and item
  delete-target                                    Delete a target
  delete-targets                                   Delete multiple targets from a given path
  get-target                                       Get target
  get-target-details                               Get target details
  list-targets                                     Returns a list of all targets in the account
  update-aws-target                                Updates an existing aws target
  update-azure-target                              Updates an existing azure target
  update-db-target                                 Update an existing db target
  update-eks-target                                Updates an existing eks target
  update-gcp-target                                Update an existing gcp target
  update-gke-target                                Updates an existing gke target
  update-k8s-target                                Updates an existing k8s target
  update-rabbitmq-target                           Update an existing new rabbitmq target
  update-ssh-target                                Update an existing ssh target
  update-target                                    Update target
  update-target-details                            Update target details
  update-web-target                                Update an existing web target

Associate an Item with a Target

akeyless assoc-target-item --target-name <NAME> --item-name <NAME>

Set Role Permissions for a Target

akeyless set-role-rule --role-name /path/name_role --path /'*' --rule-type target-rule --capability read --capability update --capability list
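
The script below is an added example, not part of the Akeyless documentation. It chains the three commands shown on this page (create-ssh-target, assoc-target-item, set-role-rule) using key-based authentication, and rejects an invalid port or an over-permissive key file before the CLI is called. All names passed in are placeholders, and limiting --path to the single target with read and list only is an assumption about how the role should be scoped.

```shell
#!/bin/sh
# Added example: onboard one SSH target with key-based auth and a narrow role rule.
# Uses only flags listed on this page; all names passed in are placeholders.

# Accept only a numeric port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Refuse a private key file that group or other users can read.
check_key_perms() {
  [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
  key_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$key_mode" in
    600|400) return 0 ;;
    *) echo "key file mode $key_mode is too permissive" >&2; return 1 ;;
  esac
}

# Args: target name, host, port, SSH user, key file, item name, role name.
onboard_ssh_target() {
  t_name=$1 t_host=$2 t_port=$3 t_user=$4 t_key=$5 t_item=$6 t_role=$7
  valid_port "$t_port" || { echo "invalid port: $t_port" >&2; return 1; }
  check_key_perms "$t_key" || return 1

  # A key file path instead of --ssh-password keeps the secret off the command line.
  akeyless create-ssh-target --name "$t_name" --host "$t_host" \
    --port "$t_port" --ssh-username "$t_user" \
    --private-key-path "$t_key" || return 1

  akeyless assoc-target-item --target-name "$t_name" \
    --item-name "$t_item" || return 1

  # Assumption: the rule path is the single target, not /'*', and omits update.
  akeyless set-role-rule --role-name "$t_role" --path "$t_name" \
    --rule-type target-rule --capability read --capability list
}

# Usage (placeholders):
# onboard_ssh_target /demo/ssh-target 192.0.2.10 22 deploy ~/.ssh/id_demo /demo/item /demo/role
```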
