Part 2: Authentication & Authorization
Akeyless is primarily about authenticating identities and authorizing them to access secrets.
The platform serves two main types of identities: human and machine identities. "Machine" refers collectively to scripts, services, microservices, containers, VMs, and anything that is not run manually using a human identity.
Each identity is represented by an Authentication Method object. Akeyless supports several types of authentication methods: AWS IAM, Azure AD, GCP, OCI IAM, API key, Kubernetes Auth, SAML, LDAP, OIDC, OAuth2.0/JWT, Certificate, and Universal Identity (UID)™.
Each Authentication Method object is associated with an Access Role whose rules grant that identity capabilities (Create, Read, Update, Delete, List) on Secrets, Targets, Roles, and Authentication Method objects stored in the Akeyless SaaS, or explicitly Deny access to them. Authentication establishes who the caller is; the Access Role decides what that caller may do.
An example process with a machine identity:

- A container requires credentials to connect to a SQL server. It uses its AWS IAM role as the Authentication Method to authenticate with Akeyless.
- Akeyless checks the permissions in the Access Role associated with that Authentication Method object to confirm that the container may read the secret.
- Akeyless returns the secret to the container, which uses the credentials to connect directly to the SQL database.
The process is the same for human identities.
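The three steps above, as an added example that is not Akeyless code: a Python model of the authenticate-then-authorize flow with in-memory Authentication Method, Access Role and secret objects. Everything specific here is an assumption of the model, not documented platform behaviour: the account-ID and role-ARN bindings on the AWS IAM method, path-prefix matching of role rules, and a matching `deny` rule overriding a grant. The platform's own verification of the caller's AWS identity is not modelled; the already-verified identity is passed in as a dict. All names, ARNs, paths and secret values are constructed.

```python
from __future__ import annotations

import uuid
from dataclasses import dataclass, field

# Capabilities an Access Role rule can carry, as listed in the text.
CAPABILITIES = {"create", "read", "update", "delete", "list", "deny"}

@dataclass
class AwsIamAuthMethod:
    """AWS IAM Authentication Method; the binding fields are this model's assumption."""
    name: str
    bound_account_id: str
    bound_role_arns: set[str]

    def matches(self, caller: dict) -> bool:
        # Bind to account AND role: an identically named role in another account must not match.
        return (caller.get("account_id") == self.bound_account_id
                and caller.get("role_arn") in self.bound_role_arns)

@dataclass
class RoleRule:
    """A secret path (a prefix if it ends in '/') and the capabilities on it."""
    path: str
    capabilities: set[str]

    def covers(self, secret_path: str) -> bool:
        return secret_path.startswith(self.path) if self.path.endswith("/") else secret_path == self.path

@dataclass
class AccessRole:
    name: str
    rules: list[RoleRule] = field(default_factory=list)

    def allows(self, secret_path: str, capability: str) -> bool:
        """Assumed semantics: a matching 'deny' rule overrides any matching grant."""
        assert capability in CAPABILITIES and capability != "deny"
        matching = [r for r in self.rules if r.covers(secret_path)]
        if any("deny" in r.capabilities for r in matching):
            return False
        return any(capability in r.capabilities for r in matching)

class SecretsService:
    """In-memory stand-in for the SaaS side: auth methods, roles, secrets, sessions."""
    def __init__(self, auth_methods, roles_by_method, secrets):
        self._auth_methods = {m.name: m for m in auth_methods}
        self._roles_by_method = roles_by_method  # auth method name -> AccessRole
        self._secrets = secrets                  # secret path -> value
        self._sessions = {}                      # session token -> auth method name

    def authenticate(self, method_name: str, caller: dict) -> str:
        """Step 1: check the (already verified) AWS identity against the method's bindings."""
        method = self._auth_methods.get(method_name)
        if method is None or not method.matches(caller):
            raise PermissionError("caller identity does not match auth method bindings")
        token = uuid.uuid4().hex
        self._sessions[token] = method.name
        return token

    def get_secret(self, token: str, secret_path: str) -> str:
        """Steps 2 and 3: resolve the associated Access Role, require 'read', return the value."""
        method_name = self._sessions.get(token)
        if method_name is None:
            raise PermissionError("unknown or expired token")
        role = self._roles_by_method[method_name]
        if not role.allows(secret_path, "read"):
            raise PermissionError(f"{role.name} grants no read on {secret_path}")
        return self._secrets[secret_path]

def build_demo() -> SecretsService:
    """Constructed sample data: one container auth method, one role, three secrets."""
    container_am = AwsIamAuthMethod(
        name="orders-container-aws-iam",
        bound_account_id="123456789012",
        bound_role_arns={"arn:aws:iam::123456789012:role/orders-task"},
    )
    orders_role = AccessRole("orders-role", rules=[
        RoleRule("/prod/orders/", {"read", "list"}),        # prefix grant
        RoleRule("/prod/orders/admin-password", {"deny"}),  # carve-out inside the prefix
    ])
    secrets = {
        "/prod/orders/sql-creds": "orders_app:S3cr3t-example",
        "/prod/orders/admin-password": "do-not-leak",
        "/prod/billing/sql-creds": "billing_app:Other-example",
    }
    return SecretsService([container_am], {container_am.name: orders_role}, secrets)

def demo() -> dict:
    """The flow from the text, plus two reads the role must refuse."""
    svc = build_demo()
    caller = {"account_id": "123456789012", "role_arn": "arn:aws:iam::123456789012:role/orders-task"}
    token = svc.authenticate("orders-container-aws-iam", caller)
    out = {"sql_creds": svc.get_secret(token, "/prod/orders/sql-creds")}
    for path in ("/prod/orders/admin-password", "/prod/billing/sql-creds"):
        try:
            svc.get_secret(token, path)
            out[path] = "allowed"
        except PermissionError:
            out[path] = "denied"
    return out
```

Running `demo()` returns the SQL credentials for the path the role covers and "denied" for both the sibling path outside the prefix and the carved-out path inside it. Two points worth carrying over to a real deployment: bind a machine auth method to the narrowest identity you can (account plus role, not account alone), and scope the associated role to the paths that workload needs, with explicit deny rules for anything sensitive that happens to live under a granted prefix.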