Universal Identity

Introduction

Universal Identity enables you to identify your machines without the need for an initial secret.
Akeyless Universal Identity solves the Secrets Zero problem by providing an inherited identity derived from the parent system, together with an ephemeral token for continuous authentication.

Create new auth method

UI

To create new Universal Identity authentication credentials, go to the Auth Methods tab, click on new, and select Universal Identity.

CLI

akeyless create-auth-method-universal-identity --name uidAuth --ttl 1000 --profile adminProfile

Options:

| CLI | UI | Description |
|---|---|---|
| --access-expires[=0] | Expiration Date | Access expiration date as a Unix timestamp (use 0 for access without an expiry date) |
| --bound-ips | Restricted IPs | A CIDR whitelist of the IPs that access is restricted to |
| --deny-rotate | Deny Rotate | Deny the root token the ability to rotate |
| --deny-inheritance | Deny Inheritance | Deny the root token the ability to create child tokens |
| --ttl | TTL | The root token's time to live, in minutes (the TTL is renewed on every rotation) |

Generate token

UI

CLI

akeyless uid-generate-token --auth-method-name uidAuth --profile adminProfile
Token: u-XXXXXXXX

Using uid-token

CLI

akeyless list-items --uid-token u-XXXXXXXX
...
akeyless get-secret-value -n MyFirstSecret --uid-token u-XXXXXXXX

curl

curl http://<api-gw-dns>:8080 -d "cmd=get-secret-value&name=MyFirstSecret&&uid-token=u-XXXXX"
curl http://<api-gw-dns>:8080 -d "cmd=list-items&&uid-token=u-XXXXX"

Create child token

UI

Right-click the node and select the create-child-token option.

CLI

akeyless uid-create-child-token --uid-token u-XXXXXXXX
Child Token: u-XXXXXXXX2

You can pass the following flags to uid-create-child-token:
 --comment
 --child-ttl (if not provided, the child inherits the global TTL)
 --child-deny-rotate (if true, this token will not be able to rotate)
 --child-deny-inheritance (if true, this token will not be able to create child tokens of its own)

Revoke token

UI

Right-click the node and select the revoke-token option.

CLI

akeyless uid-revoke-token --uid-token u-XXXX --revoke-token u-XXXX --revoke-type revokeSelf

--uid-token: the authentication token
--revoke-token: the token to revoke (may be the same as uid-token)
--revoke-type: one of
 1. revokeSelf: delete only this token
 2. revokeAll: delete this token and its children

Get token tree

UI

Just open the UID tree.

CLI

akeyless uid-list-children --uid-token u-XXXXXXXX
Universal Identity Details:
 {
  "number_of_tokens": 2,
  "max_depth": 1,
  "root": {
    "id": "ywzsub3u4tbu",
    "comment": "root token",
    "ttl": 1000,
    "last_rotate": "2020-10-13 13:36:47 UTC",
    "expired_date": "2020-10-14 06:16:47 UTC",
    "children": {
      "ywzsub3u4tbunVCo": {
        "depth": 1,
        "id": "ywzsub3u4tbunVCo",
        "ttl": 1000,
        "last_rotate": "2020-10-13 13:41:00 UTC",
        "expired_date": "2020-10-14 06:21:00 UTC"
      }
    }
  }
}
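
The tree output above can be checked automatically for tokens that are close to expiring without having been rotated. The following is an added example, not Akeyless code: it parses the sample output shown above (compacted) and assumes that expired_date equals last_rotate plus ttl minutes, as the sample values suggest, and that deeper descendants nest under their parent's "children" key. The function names and the warn_minutes threshold are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S UTC"

# Constructed sample: the uid-list-children output from this page, compacted.
SAMPLE = """Universal Identity Details:
 {"number_of_tokens": 2, "max_depth": 1, "root": {
   "id": "ywzsub3u4tbu", "comment": "root token", "ttl": 1000,
   "last_rotate": "2020-10-13 13:36:47 UTC", "expired_date": "2020-10-14 06:16:47 UTC",
   "children": {"ywzsub3u4tbunVCo": {"depth": 1, "id": "ywzsub3u4tbunVCo", "ttl": 1000,
     "last_rotate": "2020-10-13 13:41:00 UTC", "expired_date": "2020-10-14 06:21:00 UTC"}}}}
"""

def parse_tree(cli_output):
    """Skip the text banner before the JSON and return the root node."""
    return json.loads(cli_output[cli_output.index("{"):])["root"]

def walk(node):
    """Yield the node and every descendant (assumes nesting under 'children')."""
    yield node
    for child in (node.get("children") or {}).values():
        yield from walk(child)

def _ts(value):
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)

def audit(cli_output, now, warn_minutes=120):
    """Return (token id, status) pairs for tokens needing attention at `now`."""
    findings = []
    for node in walk(parse_tree(cli_output)):
        expires = _ts(node["expired_date"])
        # Assumption drawn from the sample: expiry = last rotation + ttl minutes.
        if expires != _ts(node["last_rotate"]) + timedelta(minutes=node["ttl"]):
            findings.append((node["id"], "expiry-mismatch"))
        if expires <= now:
            findings.append((node["id"], "expired"))
        elif expires - now <= timedelta(minutes=warn_minutes):
            findings.append((node["id"], "rotate-soon"))
    return findings

if __name__ == "__main__":
    check_time = datetime(2020, 10, 14, 6, 18, tzinfo=timezone.utc)
    for token_id, status in audit(SAMPLE, check_time):
        print(f"{token_id}: {status}")
```

A "rotate-soon" result means the rotation job on that machine has probably stopped running; an "expiry-mismatch" result means the assumption about how expired_date is computed does not hold for that token.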

Rotate token

CLI

akeyless uid-rotate-token --uid-token u-XXXXXXXX
ROTATED TOKEN: [u-XXXXXXXX2]

Read/write token from/to file:

echo u-XXXXXXXX > /tmp/token
akeyless uid-rotate-token -i /tmp/token -o /tmp/token

Backward compatible rotate:

akeyless rotate-token --token u-XXXXX

cURL:

curl http://localhost:8080 -d "cmd=uid-rotate-token&&uid-token=u-XXXXX"
(backward compatible rotate:)
curl http://localhost:8080 -d "cmd=rotate-token&&token=u-XXXXX"

Rotate script:
https://download.akeyless.io/Akeyless_Artifacts/Linux/Universal_Identity/
