The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Zero-Trust Proxy CLI

Akeyless Vault provides many ways to interact and manage multiple types of supported secrets. Using the CLI you'll be able to perform many actions such as; creating Secrets & Keys, listing and fetching secrets, as well as encrypting and decrypting any data.

Akeyless Vault has two types of CLI implementations - Native Akeyless CLI and API GW, described below.

Zero-Trust Proxy CLI

What is a Zero-Trust Proxy...?

First, we'd recommend reading about Akeyless Distributed Fragments Cryptography and Zero Trust Encryption which would provide some background about the unique way we're encrypting your secrets. In simple words, a Zero-Trust Proxy centrally stores the Customer's Encryption Key Fragments, making sure that even Akeyless can't decrypt your secrets and access your Encryption Keys. Though it is possible to use Customer's Fragments without a Proxy, teams may prefer having it centrally managed, and therefore - we're happy to support it.

In order to complete this guide, you'll need your internal Akeyless Zero-Trust URL (ask your Akeyless Vault Admin).

Configure the proxy-enabled-CLI to get to know your Zero-Trust Proxy

How to download Zero-Trust Proxy CLI:

curl http(s)://proxy-url[:port]/akeyless_proxy_cli -o akeyless-cli
chmod +x akeyless-cli

The following will enable your proxy-enabled-CLI to direct all the requests through your internal Zero-Trust proxy, by configuring an Environment Variable:

$ export AKEYLESS_PROXY=https://<your-proxy-ip-address>[:port]

Example:

export AKEYLESS_PROXY=https://rest.akeyless.io

Authenticate to your Akeyless Vault

After having our CLI ready, you'll be asked to provide an authentication token to your internal Proxy. Now would be a good time to use the credentials (API-Key) you were given when you originally signed up - Access-Id and its corresponding Access-Key.

To make it even easier, we support many other authentication methods, by relying on 3rd-party Identity Providers such as API key, Okta, SAML, LDAP, Azure AD, OpenID and others.

In the following example, you'll find both authentication methods: API-Key and LDAP (some may not see that there are actually 2 tabs ahead...).

Notice - the following will create a temporary token that will stay valid for 5 minutes and will be revoked afterwards. Whenever revoked, regenerate a new token via configure command to be able to run further operations.

#configure a profile
$ akeyless_proxy_cli configure --access-id p-abc12de --access-key "nadbsdjskla/dskjdslld="
#response would look like this:
{
"status": "success",
"token": "mwvtbinyx12kssi6yeiuszunoqa72dcf",
"command": "configure",
"response": "[Warning] Using an api-key on the command line interface can be insecure
Successfully appended [curl_mwvtbinyx12kssi6yeiuszunoqa72dcf]
Profile curl_mwvtbinyx12kssi6yeiuszunoqa72dcf successfully configured"
}
#configure a profile
$ akeyless_proxy_cli configure --access-type ldap --ldap_proxy_url http://api-proxy-ip-address:api-proxy-port --profile ldap  --access-id p-abc12de 
#response would look like this:
{
"status": "success",
"token": "mwvtbinyx12kssi6yeiuszunoqa72dcf",
"command": "configure",
"response": "Successfully appended [curl_mwvtbinyx12kssi6yeiuszunoqa72dcf]
Profile curl_mwvtbinyx12kssi6yeiuszunoqa72dcf successfully configured"
}

Using a CURL

The internal Zero-Trust Proxy also provides an ability to run CURL commands through a RESTful API. In order to do so, you'll need a token from your internal Zero-Trust Proxy.

Configure your CURL by using the ‘configure’ command to get a random temporary token which will be used to run all operations with Akeyless Vault.

In the following example, we'll use the API-key authentication method.

Notice - the following will create a temporary token that will stay valid for 5 minutes and will be revoked afterward. Whenever revoked, regenerate a new token via the same 'configure' command.

$ akeyless_cli configure --access-id //your_access_id --access-key //your_access_key 
{
  "status": "success",
  "command": "configure",
  "response": [
    "[Warning] Using an api-key on the command line interface can be insecure",
    "Successfully appended curl_nns7ut1dd0w6bqhufyo8tqg6e6fkndhu]",
    "Profile curl_nns7ut1dd0w6bqhufyo8tqg6e6fkndhu successfully configured",
    ""
  ],
  "token": "*************"

Once authentication is configured - your CURL is ready!

The CURL supports both standard and json formats, for example:

$ curl -d "cmd=help" http://proxy-ip-address:8080

$ curl -d "cmd=list-items&token=<your_token>" http://proxy-ip-address:8080

$ curl -X POST -H 'Content-type: application/json' --data '{"cmd":"list-secrets", 
"token":"<your_token>"}' http://proxy-ip-address:8080

$ curl -X POST -H 'Content-type: application/json' --data @/path/to/configure.json http://proxy-ip-address:8080

Updated 2 months ago

Zero-Trust Proxy CLI


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.