Akeyless Gateway
The Akeyless Gateway connection is required for Secrets Management.
You can create and manage Akeyless Gateway Connections through the CipherTrust Manager GUI or CLI.
Creating Akeyless Gateway Connections using GUI
Note
An Akeyless Gateway Connection is automatically created as part of the initial configuration. We strongly recommend that you configure CipherTrust Manager with this autogenerated connection. Only manually create Akeyless Gateway connections for recovery or testing purposes.
To manually create an Akeyless Gateway connection, you require the Access Key ID and Access Key of the Gateway-Admin
authentication method. This is obtained through resetting the Gateway-Admin credentials, which invalidates the initial autogenerated Akeyless connection.
Click the Test Credentials button to check whether CipherTrust Manager can connect to Akeyless Vault Platform using the Gateway-Admin credentials.
Note
This connection is not associated with a product, so there is no Add Products selection.
Managing Akeyless Gateway Connections using ksctl
You can perform the following operations on an Akeyless Gateway connection:
View one Akeyless Gateway connection
Update
Delete
List all Akeyless Gateway connections
Test an existing Akeyless Gateway Connection
Create
Test parameters for a new Akeyless Gateway connection
Viewing Details for an Akeyless Gateway connection
To view details for an Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless get --id <connection_name_or_id>
Example Request
ksctl connectionmgmt akeyless get --id my-akeyless-connection
Example Response
{
"id": "da862727-157a-40f7-8847-061cd1e82839",
"uri": "kylo:kylo:connectionmgmt:connections:my-akeyless-connection-da862727-157a-40f7-8847-061cd1e82839",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-02T15:51:48.354687Z",
"updatedAt": "2023-08-02T15:51:48.353866Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "my-akeyless-connection",
"access_key_id": "p-123456abcdef"
}
Updating an Akeyless Gateway connection
You can update the Gateway Admin access key ID, the Gateway Admin access key, or the meta information associated with an Akeyless Gateway connection. The example updates the meta information.
To update an Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless modify --id <connection_name_or_id> [--akeyless-key-id <gateway_admin_key_id>] [--akeyless-key <gateway_admin_key>] [--meta <comma_separated_key:value>]
Example Request
ksctl connectionmgmt akeyless modify --id my-akeyless-connection --meta "{\"color\":\"blue\"}"
Example Response
{
"id": "da862727-157a-40f7-8847-061cd1e82839",
"uri": "kylo:kylo:connectionmgmt:connections:my-akeyless-connection-da862727-157a-40f7-8847-061cd1e82839",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-02T15:51:48.354687Z",
"updatedAt": "2023-08-02T16:05:46.798878173Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "my-akeyless-connection",
"meta": {
"color": "blue"
},
"access_key_id": "p-123456abcdef"
}
Deleting an Akeyless Gateway connection
To delete an Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless delete --id <connection_name_or_id>
Example Request
ksctl connectionmgmt akeyless delete --id my-akeyless-connection
There will be no response if the connection is deleted successfully.
Listing all Akeyless Gateway connections
To list all Akeyless Gateway connections run:
Syntax
ksctl connectionmgmt akeyless list
Example Request
ksctl connectionmgmt akeyless list
Example Response
{
"skip": 0,
"limit": 10,
"total": 3,
"resources": [
{
"id": "da862727-157a-40f7-8847-061cd1e82839",
"uri": "kylo:kylo:connectionmgmt:connections:my-akeyless-connection-da862727-157a-40f7-8847-061cd1e82839",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-02T15:51:48.354687Z",
"updatedAt": "2023-08-02T16:05:46.798878Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "my-akeyless-connection",
"meta": {
"color": "blue"
},
"access_key_id": "p-123456abcdef"
},
{
"id": "cff708c4-34df-4cc5-8f4a-06b22be11c87",
"uri": "kylo:kylo:connectionmgmt:connections:akeyless-connection-2-cff708c4-34df-4cc5-8f4a-06b22be11c87",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-01T15:50:18.247739Z",
"updatedAt": "2023-08-01T15:50:22.890931Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": true,
"last_connection_at": "2023-08-01T15:50:22.890733Z",
"name": "akeyless-connection-2",
"access_key_id": "p-123456abcdef"
},
{
"id": "b625f1c0-542c-4f3c-b467-78c7b80becb0",
"uri": "kylo:kylo:connectionmgmt:connections:akeyless-b625f1c0-542c-4f3c-b467-78c7b80becb0",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-01T15:22:01.218978Z",
"updatedAt": "2023-08-01T15:22:05.004709Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": true,
"last_connection_at": "2023-08-01T15:22:05.004562Z",
"name": "akeyless",
"access_key_id": "p-123456abcdef"
}
]
}
Testing an Existing Akeyless Gateway connection
To test an existing Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless test --id <connection_name_or_id>
Example Request
ksctl connectionmgmt akeyless test --id my-akeyless-connection
Example Response
{
"connection_ok": true
}
Creating an Akeyless Gateway Connection
Note
An Akeyless Gateway Connection is automatically created as part of the initial configuration. We strongly recommend that you configure CipherTrust Manager with this autogenerated connection. Only manually create Akeyless Gateway connections for recovery or testing purposes.
To manually create an Akeyless Gateway connection, you require the Access Key ID and Access Key of the Gateway-Admin
authentication method. This is obtained through resetting the Gateway-Admin credentials, which invalidates the initial autogenerated Akeyless connection.
To create an Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless create --name <connection_name> --akeyless-key-id <gateway_admin_key_id> --akeyless-key <gateway_admin_key> [--meta <comma_separated_key:value>]
Example Request
ksctl connectionmgmt akeyless create --name my-akeyless-connection --akeyless-key-id p-123456abcdef --akeyless-key mG6yXCUmgKCCGDKnQecDxmVdWjCzLGbRQJbnztQ7Tn9e
Example Response
{
"id": "da862727-157a-40f7-8847-061cd1e82839",
"uri": "kylo:kylo:connectionmgmt:connections:my-akeyless-connection-da862727-157a-40f7-8847-061cd1e82839",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-08-02T15:51:48.354687497Z",
"updatedAt": "2023-08-02T15:51:48.353865994Z",
"service": "akeyless",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "my-akeyless-connection",
"access_key_id": "p-123456abcdef"
}
Testing Parameters for a new Akeyless Gateway connection
To test the Gateway Admin credentials before creating an Akeyless Gateway connection run:
Syntax
ksctl connectionmgmt akeyless test --akeyless-key-id <gateway_admin_access_key_id> --akeyless-key <gateway_admin_access_key>
Example Request
ksctl connectionmgmt akeyless test --akeyless-key-id p-123456abcdef --akeyless-key mG6yXCUmgKCCGDKnQecDxmVdWjCzLGbRQJbnztQ7Tn9e
Example Response
{
"connection_ok": true
}