Usage Reports
Akeyless Usage Reports help administrators monitor secrets, keys, and password manager activity across their organization.
These reports track requests, actions, and usage trends for secrets and keys, password manager interactions, and billing across users, applications, and service accounts. For details on password manager reporting, see the Password Manager Usage Report for Admins.
To enable organization-wide views, contact your Account Manager.
Data scope and retention
What is included
- All actions and requests involving secrets, keys, and password manager items (creation, access, update, deletion, authentication events)
- Usage by users, applications, and service accounts
- Data from all accounts linked to your organization (if enabled)
- Items in Personal Folders and shared/corporate areas
Timeframes
- Reports can be generated for custom date ranges (for example, last 7 days, month-to-date, or a custom period)
- Default views show the last 30 days
Retention
- Usage data is retained for 12 months (Enterprise tier; may vary by plan)
- Exported reports are not deleted automatically
Exclusions
- Deleted items are not shown in current usage reports, but historical actions on deleted items remain visible for the retention period
- Some system/service actions may be excluded from user-facing reports for security reasons
How to access usage reports
Web console
- Log in to the Akeyless Web Console.
- Go to Usage Report from the main navigation menu.
- Select the desired date range and filters (for example, by user, secret, or action).
- Review the dashboard for key metrics (total requests, top users, and most-accessed secrets).
- To export, open the report action menu and select Export as JSON.
CLI
Retrieve analytics and usage data:
akeyless get-analytics-dataSample output:
{
"date_updated": 1716172800,
"usage_reports": {
"sm": {
"product": "sm",
"total_clients": 17,
"clients_by_auth_method_types": {
"saml2": 10,
"oidc": 5,
"ldap": 2
},
"total_secrets": 530,
"secrets_by_types": {
"static_secret": 320,
"classic_key": 210
}
}
}
}To automate or parse results:
akeyless get-analytics-data --json | jq '.usage_reports.sm.secrets_by_types | to_entries[] | select(.value > 100)'For command flags and usage details, see CLI reference: get-analytics-data. For operation-level schema details, see Get analytics data. For usage report access configuration, see CLI reference for access roles.
Downloading and exporting reports
Web console
- In the Usage Reports dashboard, apply any filters needed.
- Open the report action menu.
- Select Export as JSON.
CLI
- Run the command and redirect the output to a file:
akeyless get-analytics-data --json > usage-reports.json- Open
usage-reports.jsonfor reporting, sharing, or automation.
Key metrics and filtering
- Use filters to narrow results by user, secret, action type, or time period.
- Hover over chart elements for detailed tooltips.
- Common metrics:
- Total Requests: Number of API/console actions
- Unique Users: Distinct users who accessed secrets/keys
- Top Secrets/Keys: Most frequently accessed items
- Authentication Methods: SAML, OIDC, LDAP, and more
CLI filtering examples
The get-analytics-data output includes aggregated usage metrics under usage_reports and detailed client usage under clients_usage_reports.
Get total clients and total secrets for Secret Management:
akeyless get-analytics-data --json | jq '.usage_reports.sm | {total_clients, total_secrets}'List authentication method usage counts for Secret Management:
akeyless get-analytics-data --json | jq '.usage_reports.sm.clients_by_auth_method_types'Show the top secret types by count:
akeyless get-analytics-data --json | jq '.usage_reports.sm.secrets_by_types | to_entries | sort_by(-.value) | .[:5]'Find clients that exceeded limits:
akeyless get-analytics-data --json | jq '.clients_usage_reports.sm.clients[] | select(.exceeded_clients > 0)'Configuration and notifications
Permissions and RBAC
Access to Usage Reports is controlled by role-based access control (RBAC). To grant a role access, use the following CLI flag:
akeyless create-role --name <Role Name> --usage-reports-access allSupported values: none, all.
For more on RBAC, see Access Roles.
Event Center integration
Usage Reports can trigger events and notifications when thresholds are reached. Configure these in the Event Center:
usage-report: Notifies when client usage exceeds defined limits.
Event Forwarders can be set up to deliver notifications via email, Slack, ServiceNow, and webhooks.
Specialized usage reports
Organizational usage and billing
Selected users can be added to an organization view for usage and billing. To aggregate usage across multiple accounts, contact your Account Manager.
Password manager usage report
Admins can access a dedicated report for password management activity, including:
- Total users and authentication methods
- Number of stored passwords
- Usage by authentication type (SAML, OIDC, LDAP, Email)
See Password Manager Usage Report for Admins for details.
Troubleshooting
Missing data
- Ensure you have the correct RBAC permissions (
--usage-reports-access all) - Check that the selected date range includes the period of interest
- Data may be delayed by a few minutes for recent actions
Permission errors
- Contact your administrator to verify your role includes usage reports access
- If using the CLI/API, ensure your API key or token is valid and has the required scope
Export issues
- Try a different browser or clear cache if export/download fails
- If export fails, retry the JSON export action from the report action menu
Related features
- Audit Logs: For detailed event-level tracking and compliance
- Analytics: For advanced dashboards and trend analysis
- Billing: For usage-based billing and cost management
Tutorials and further reading
Note: Data in usage reports includes items stored in Personal Folders.
Updated 6 days ago