consumes:
- application/json
produces:
- application/json
schemes:
- https
swagger: '2.0'
info:
  description: RESTful API for interacting with AKEYLESS Proxy Vault
  title: AKEYLESS Proxy API
  contact:
    name: Refael Angel
    url: 'https://www.akeyless.io'
    email: refael@akeyless.io
  license:
    name: Apache 2.0
    url: 'http://www.apache.org/licenses/LICENSE-2.0'
  version: $VERSION
host: 'rest.akeyless-security.com'
basePath: /
paths:
  /help:
    post:
      description: |-
        help text
      summary: help text
      operationId: help
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-key:
    post:
      description: |-
        Creates a new key
        Options:
        name - Key name
        alg - Key type. options- [AES128GCM, AES256GCM, AES128SIV, AES256SIV, RSA1024, RSA2048]
        metadata - Metadata about the key
        split-level - The number of fragments that the item will be split into (not including customer fragment)
        customer-frg-id - The customer fragment ID that will be used to create the key (if empty, the key will be created independently of a customer fragment)
        token - Access token
      summary: Creates a new key
      operationId: createKey
      parameters:
      - type: string
        description: Key name
        name: name
        in: query
        required: true
      - type: string
        description: Key type.
          options- [AES128GCM, AES256GCM, AES128SIV, AES256SIV, RSA1024, RSA2048]
        name: alg
        in: query
        required: true
      - type: string
        description: Metadata about the key
        name: metadata
        in: query
        required: false
      - type: string
        description: The number of fragments that the item will be split into (not including customer fragment)
        name: split-level
        in: query
        required: false
      - type: string
        description: The customer fragment ID that will be used to create the key (if empty, the key will be created independently of a customer fragment)
        name: customer-frg-id
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /get-rsa-public:
    post:
      description: |-
        Obtain the public key from a specific RSA private key
        Options:
        name - Name of key to be created
        token - Access token
      summary: Obtain the public key from a specific RSA private key
      operationId: getRsaPublic
      parameters:
      - type: string
        description: Name of key to be created
        name: name
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /upload-pkcs12:
    post:
      description: |-
        Upload a PKCS#12 key and certificates
        Options:
        name - Name of key to be created
        in - PKCS#12 input file (private key and certificate only)
        passphrase - Passphrase to unlock the PKCS#12 bundle
        metadata - Metadata about the key
        split-level - The number of fragments that the item will be split into
        customer-frg-id - The customer fragment ID that will be used to split the key (if empty, the key will be created independently of a customer fragment)
        cert - Path to a file that contains the certificate in PEM format. If this parameter is not empty, the certificate will be taken from here and not from the PKCS#12 input file
        token - Access token
      summary: Upload a PKCS#12 key and certificates
      operationId: uploadPkcs12
      parameters:
      - type: string
        description: Name of key to be created
        name: name
        in: query
        required: true
      - type: string
        description: PKCS#12 input file (private key and certificate only)
        name: in
        in: query
        required: true
      - type: string
        description: Passphrase to unlock the PKCS#12 bundle
        name: passphrase
        in: query
        required: true
      - type: string
        description: Metadata about the key
        name: metadata
        in: query
        required: false
      - type: string
        description: The number of fragments that the item will be split into
        name: split-level
        in: query
        required: false
      - type: string
        description: The customer fragment ID that will be used to split the key (if empty, the key will be created independently of a customer fragment)
        name: customer-frg-id
        in: query
        required: false
      - type: string
        description: Path to a file that contains the certificate in PEM format. If this parameter is not empty, the certificate will be taken from here and not from the PKCS#12 input file
        name: cert
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /upload-rsa:
    post:
      description: |-
        Upload RSA key
        Options:
        name - Name of key to be created
        alg - Key type.
        options- [RSA1024, RSA2048]
        rsa-key-file-path - RSA private key file path
        metadata - Metadata about the key
        split-level - The number of fragments that the item will be split into
        customer-frg-id - The customer fragment ID that will be used to split the key (if empty, the key will be created independently of a customer fragment)
        token - Access token
      summary: Upload RSA key
      operationId: uploadRsa
      parameters:
      - type: string
        description: Name of key to be created
        name: name
        in: query
        required: true
      - type: string
        description: Key type. options- [RSA1024, RSA2048]
        name: alg
        in: query
        required: true
      - type: string
        description: RSA private key file path
        name: rsa-key-file-path
        in: query
        required: true
      - type: string
        description: Metadata about the key
        name: metadata
        in: query
        required: false
      - type: string
        description: The number of fragments that the item will be split into
        name: split-level
        in: query
        required: false
      - type: string
        description: The customer fragment ID that will be used to split the key (if empty, the key will be created independently of a customer fragment)
        name: customer-frg-id
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /encrypt:
    post:
      description: |-
        Encrypts plaintext into ciphertext by using an AES key
        Options:
        key-name - The name of the key to use in the encryption process
        plaintext - Data to be encrypted
        encryption-context - name-value pair that specifies the encryption context to be used for authenticated encryption.
        If used here, the same value must be supplied to the decrypt command or decryption will fail
        token - Access token
      summary: Encrypts plaintext into ciphertext by using an AES key
      operationId: encrypt
      parameters:
      - type: string
        description: The name of the key to use in the encryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Data to be encrypted
        name: plaintext
        in: query
        required: true
      - type: string
        description: name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the decrypt command or decryption will fail
        name: encryption-context
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /encrypt-file:
    post:
      description: |-
        Encrypts a file by using an AES key
        Options:
        key-name - The name of the key to use in the encryption process
        in - Path to the file to be encrypted. If not provided, the content will be taken from stdin
        out - Path to the output file. If not provided, the output will be sent to stdout
        encryption-context - name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the decrypt command or decryption will fail
        token - Access token
      summary: Encrypts a file by using an AES key
      operationId: encryptFile
      parameters:
      - type: string
        description: The name of the key to use in the encryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Path to the file to be encrypted. If not provided, the content will be taken from stdin
        name: in
        in: query
        required: true
      - type: string
        description: Path to the output file.
          If not provided, the output will be sent to stdout
        name: out
        in: query
        required: false
      - type: string
        description: name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the decrypt command or decryption will fail
        name: encryption-context
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /encrypt-pkcs1:
    post:
      description: |-
        Encrypts the given message with RSA and the padding scheme from PKCS#1 v1.5
        Options:
        key-name - The name of the RSA key to use in the encryption process
        plaintext - Data to be encrypted
        token - Access token
      summary: Encrypts the given message with RSA and the padding scheme from PKCS#1 v1.5
      operationId: encryptPkcs1
      parameters:
      - type: string
        description: The name of the RSA key to use in the encryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Data to be encrypted
        name: plaintext
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /get-ssh-certificate:
    post:
      description: |-
        Generates SSH certificate
        Options:
        cert-username - The username to sign in the SSH certificate
        cert-issuer-name - The name of the SSH certificate issuer
        public-key-file-path - SSH public key
        token - Access token
      summary: Generates SSH certificate
      operationId: getSshCertificate
      parameters:
      - type: string
        description: The username to sign in the SSH certificate
        name: cert-username
        in: query
        required: true
      - type: string
        description: The name of the SSH certificate issuer
        name: cert-issuer-name
        in: query
        required: true
      - type: string
        description: SSH public key
        name: public-key-file-path
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-ssh-cert-issuer:
    post:
      description: |-
        Creates a new SSH certificate issuer
        Options:
        name - SSH certificate issuer name
        signer-key-name - A key to sign the certificate with
        allowed-users - Users allowed to fetch the certificate, ex. root,ubuntu
        principals - Signed certificates with principal, ex. example_role1,example_role2
        extensions - Signed certificates with extensions, ex. permit-port-forwarding=""
        expiration-sec - Signed certificates with expiration, use second units
        metadata - Metadata about the issuer
        token - Access token
      summary: Creates a new SSH certificate issuer
      operationId: createSshCertIssuer
      parameters:
      - type: string
        description: SSH certificate issuer name
        name: name
        in: query
        required: true
      - type: string
        description: A key to sign the certificate with
        name: signer-key-name
        in: query
        required: true
      - type: string
        description: Users allowed to fetch the certificate, ex. root,ubuntu
        name: allowed-users
        in: query
        required: true
      - type: string
        description: Signed certificates with principal, ex. example_role1,example_role2
        name: principals
        in: query
        required: false
      - type: string
        description: Signed certificates with extensions, ex.
          permit-port-forwarding=""
        name: extensions
        in: query
        required: false
      - type: string
        description: Signed certificates with expiration, use second units
        name: expiration-sec
        in: query
        required: true
      - type: string
        description: Metadata about the issuer
        name: metadata
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /decrypt:
    post:
      description: |-
        Decrypts ciphertext into plaintext by using an AES key
        Options:
        key-name - The name of the key to use in the decryption process
        ciphertext - Ciphertext to be decrypted in base64 encoded format
        encryption-context - The encryption context. If this was specified in the encrypt command, it must be specified here or the decryption operation will fail
        token - Access token
      summary: Decrypts ciphertext into plaintext by using an AES key
      operationId: decrypt
      parameters:
      - type: string
        description: The name of the key to use in the decryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Ciphertext to be decrypted in base64 encoded format
        name: ciphertext
        in: query
        required: true
      - type: string
        description: The encryption context.
          If this was specified in the encrypt command, it must be specified here or the decryption operation will fail
        name: encryption-context
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /decrypt-file:
    post:
      description: |-
        Decrypts a file by using an AES key
        Options:
        key-name - The name of the key to use in the decryption process
        in - Path to the file to be decrypted. If not provided, the content will be taken from stdin
        out - Path to the output file. If not provided, the output will be sent to stdout
        encryption-context - The encryption context. If this was specified in the encrypt command, it must be specified here or the decryption operation will fail
        token - Access token
      summary: Decrypts a file by using an AES key
      operationId: decryptFile
      parameters:
      - type: string
        description: The name of the key to use in the decryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Path to the file to be decrypted. If not provided, the content will be taken from stdin
        name: in
        in: query
        required: true
      - type: string
        description: Path to the output file. If not provided, the output will be sent to stdout
        name: out
        in: query
        required: false
      - type: string
        description: The encryption context.
          If this was specified in the encrypt command, it must be specified here or the decryption operation will fail
        name: encryption-context
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /decrypt-pkcs1:
    post:
      description: |-
        Decrypts a plaintext using RSA and the padding scheme from PKCS#1 v1.5
        Options:
        key-name - The name of the RSA key to use in the decryption process
        ciphertext - Ciphertext to be decrypted in base64 encoded format
        token - Access token
      summary: Decrypts a plaintext using RSA and the padding scheme from PKCS#1 v1.5
      operationId: decryptPkcs1
      parameters:
      - type: string
        description: The name of the RSA key to use in the decryption process
        name: key-name
        in: query
        required: true
      - type: string
        description: Ciphertext to be decrypted in base64 encoded format
        name: ciphertext
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /sign-pkcs1:
    post:
      description: |-
        Calculates the signature of hashed using RSASSA-PKCS1-V1_5-SIGN from RSA PKCS#1 v1.5
        Options:
        key-name - The name of the RSA key to use in the signing process
        message - The message to be signed
        token - Access token
      summary: Calculates the signature of hashed using RSASSA-PKCS1-V1_5-SIGN from RSA PKCS#1 v1.5
      operationId: signPkcs1
      parameters:
      - type: string
        description: The name of the RSA key to use in the signing process
        name: key-name
        in: query
        required: true
      - type: string
        description: The message to be signed
        name: message
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /verify-pkcs1:
    post:
      description: |-
        Verifies an RSA PKCS#1 v1.5 signature
        Options:
        key-name - The name of the RSA key to use in the verification process
        message - The message to be verified
        signature - The message's signature
        token - Access token
      summary: Verifies an RSA PKCS#1 v1.5 signature
      operationId: verifyPkcs1
      parameters:
      - type: string
        description: The name of the RSA key to use in the verification process
        name: key-name
        in: query
        required: true
      - type: string
        description: The message to be verified
        name: message
        in: query
        required: true
      - type: string
        description: The message's signature
        name: signature
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-secret:
    post:
      description: |-
        Creates a new secret item
        Options:
        name - Secret name
        value - The secret value
        metadata - Metadata about the secret
        key - The name of a key that is used to encrypt the secret value (if empty, the account default protectionKey key will be used)
        multiline - The provided value is a multiline value (separated by '\n')
        token - Access token
      summary: Creates a new secret item
      operationId: createSecret
      parameters:
      - type: string
        description: Secret name
        name: name
        in: query
        required: true
      - type: string
        description: The secret value
        name: value
        in: query
        required: true
      - type: string
        description: Metadata about the secret
        name: metadata
        in: query
        required: false
      - type: string
        description: The name of a key that is used to encrypt the secret value (if empty, the account default protectionKey key will be used)
        name: key
        in: query
        required: false
      - type: boolean
        description: The provided value is a multiline value (separated by '\n')
        name: multiline
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /get-secret-value:
    post:
      description: |-
        Get static secret value
        Options:
        name - Secret name
        token - Access token
      summary: Get static secret value
      operationId: getSecretValue
      parameters:
      - type: string
        description: Secret name
        name: name
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /update-secret-val:
    post:
      description: |-
        Update static secret value
        Options:
        name - Secret name
        value - The new secret value
        key - The name of a key that is used to encrypt the secret value (if empty, the account default protectionKey key will be used)
        multiline - The provided value is a multiline value (separated by '\n')
        token - Access token
      summary: Update static secret value
      operationId: updateSecretVal
      parameters:
      - type: string
        description: Secret name
        name: name
        in: query
        required: true
      - type: string
        description: The new secret value
        name: value
        in: query
        required: true
      - type: string
        description: The name of a key that is used to encrypt the secret value (if empty, the account default protectionKey key will be used)
        name: key
        in: query
        required: false
      - type: boolean
        description: The provided value is a multiline value (separated by '\n')
        name: multiline
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-dynamic-secret:
    post:
      description: |-
        Creates a new dynamic secret item
        Options:
        name - Dynamic secret name
        metadata - Metadata about the dynamic secret
        key - The name of a key that is used to encrypt the dynamic secret values (if empty, the account default protectionKey key will be used)
        token - Access token
      summary: Creates a new dynamic secret item
      operationId: createDynamicSecret
      parameters:
      - type: string
        description: Dynamic secret name
        name: name
        in: query
        required: true
      - type: string
        description: Metadata about the dynamic secret
        name: metadata
        in: query
        required: false
      - type: string
        description: The name of a key that is used to encrypt the dynamic secret values (if empty, the account default protectionKey key will be used)
        name: key
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /get-dynamic-secret-value:
    post:
      description: |-
        Get dynamic secret value
        Options:
        name - Dynamic secret name
        token - Access token
      summary: Get dynamic secret value
      operationId: getDynamicSecretValue
      parameters:
      - type: string
        description: Dynamic secret name
        name: name
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /describe-item:
    post:
      description: |-
        Returns the item details
        Options:
        name - Item name
        token - Access token
      summary: Returns the item details
      operationId: describeItem
      parameters:
      - type: string
        description: Item name
        name: name
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /update-item:
    post:
      description: |-
        Update item name and metadata
        Options:
        name - Current item name
        new-name - New item name
        new-metadata - New item metadata
        token - Access token
      summary: Update item name and metadata
      operationId: updateItem
      parameters:
      - type: string
        description: Current item name
        name: name
        in: query
        required: true
      - type: string
        description: New item name
        name: new-name
        in: query
        required: false
      - type: string
        description: New item metadata
        name: new-metadata
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /delete-item:
    post:
      description: |-
        Delete an item
        Options:
        name - Item name
        token - Access token
      summary: Delete an item
      operationId: deleteItem
      parameters:
      - type: string
        description: Item name
        name: name
        in: query
        required: true
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /list-items:
    post:
      description: |-
        Returns a list of all accessible items
        Options:
        type - The item types list of the requested items. In case it is empty, all types of items will be returned. options- [key, static-secret, dynamic-secret]
        ItemsTypes - ItemsTypes
        path - Path to folder
        token - Access token
      summary: Returns a list of all accessible items
      operationId: listItems
      parameters:
      - type: string
        description: The item types list of the requested items. In case it is empty, all types of items will be returned.
          options- [key, static-secret, dynamic-secret]
        name: type
        in: query
        required: false
      - type: string
        description: ItemsTypes
        name: ItemsTypes
        in: query
        required: false
      - type: string
        description: Path to folder
        name: path
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-auth-method:
    post:
      description: |-
        Create a new Auth Method in the account
        Options:
        name - Auth Method name
        access-expires - Access expiration date in Unix timestamp (select 0 for access without expiry date)
        bound-ips - A CIDR whitelist with the IPs that the access is restricted to
        token - Access token
      summary: Create a new Auth Method in the account
      operationId: createAuthMethod
      parameters:
      - type: string
        description: Auth Method name
        name: name
        in: query
        required: true
      - type: string
        description: Access expiration date in Unix timestamp (select 0 for access without expiry date)
        name: access-expires
        in: query
        required: false
      - type: string
        description: A CIDR whitelist with the IPs that the access is restricted to
        name: bound-ips
        in: query
        required: false
      - type: string
        description: Access token
        name: token
        in: query
        required: true
      responses:
        '200':
          $ref: '#/responses/Response'
        '400':
          $ref: '#/responses/BadRequestResponse'
        '401':
          $ref: '#/responses/UnauthorizedResponse'
        '403':
          $ref: '#/responses/ForbiddenResponse'
        '404':
          $ref: '#/responses/NotFoundResponse'
        default:
          $ref: '#/responses/ErrorResponse'
  /create-auth-method-azure-ad:
    post:
      description: |-
        Create a new Auth Method that will be able to authenticate using Azure Active Directory credentials
        Options:
        name - Auth Method name
        access-expires - Access expiration date in Unix timestamp (select 0 for access without expiry date)
        bound-ips - A CIDR whitelist of the IPs that the access is restricted to
        bound-tenant-id - The Azure tenant id that the access is restricted to
        issuer - Issuer URL
        jwks-uri - The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server.
        audience - The audience in the JWT
        bound-spid - A list of service principal IDs that the access is restricted to
        bound-group-id - A list of group ids that the access is restricted to
        bound-sub-id - A list of subscription ids that the access is restricted to
        bound-rg-id - A list of resource groups that the access is restricted to
        bound-providers - A list of resource providers that the access is restricted to (e.g., Microsoft.Compute, Microsoft.ManagedIdentity, etc.)
        bound-resource-types - A list of resource types that the access is restricted to (e.g., virtualMachines, userAssignedIdentities, etc.)
        bound-resource-names - A list of resource names that the access is restricted to (e.g., a virtual machine name, scale set name, etc.).
        bound-resource-id - A list of full resource ids that the access is restricted to
        token - Access token
      summary: Create a new Auth Method that will be able to authenticate using Azure Active Directory credentials
      operationId: createAuthMethodAzureAd
      parameters:
      - type: string
        description: Auth Method name
        name: name
        in: query
        required: true
      - type: string
        description: Access expiration date in Unix timestamp (select 0 for access without expiry date)
        name: access-expires
        in: query
        required: false
      - type: string
        description: A CIDR whitelist of the IPs that the access is restricted to
        name: bound-ips
        in: query
        required: false
      - type: string
        description: The Azure tenant id that the access is restricted to
        name: bound-tenant-id
        in: query
        required: true
      - type: string
        description: Issuer URL
        name: issuer
        in: query
        required: false
      - type: string
        description: The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server.
        name: jwks-uri
        in: query
        required: false
      - type: string
        description: The audience in the JWT
        name: audience
        in: query
        required: false
      - type: string
        description: A list of service principal IDs that the access is restricted to
        name: bound-spid
        in: query
        required: false
      - type: string
        description: A list of group ids that the access is restricted to
        name: bound-group-id
        in: query
        required: false
      - type: string
        description: A list of subscription ids that the access is restricted to
        name: bound-sub-id
        in: query
        required: false
      - type: string
        description: A list of resource groups that the access is restricted to
        name: bound-rg-id
        in: query
        required: false
      - type: string
        description: A list of resource providers that the access is restricted to (e.g., Microsoft.Compute, Microsoft.ManagedIdentity, etc.)
        name: bound-providers
        in: query
        required: false
      - type: string
        description: A list of resource types that the access is restricted to (e.g., virtualMachines, userAssignedIdentities, etc.)
        name: bound-resource-types
        in: query
        required: false
      - type: string
        description: A list of resource names that the access is restricted to (e.g., a virtual machine name, scale set name, etc.).
name: bound-resource-names in: query required: false - type: string description: A list of full resource ids that the access is restricted to name: bound-resource-id in: query required: false - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /create-auth-method-oauth2: post: description: |- Create a new Auth Method that will be able to authenticate using OpenId/OAuth2 Options: name - Auth Method name access-expires - Access expiration date in Unix timestamp (select 0 for access without expiry date) bound-ips - A CIDR whitelist of the IPs that the access is restricted to bound-clients-ids - The client ids that the access is restricted to issuer - Issuer URL jwks-uri - The URL to the JSON Web Key Set (JWKS) that contains the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server.
audience - The audience in the JWT token - Access token summary: Create a new Auth Method that will be able to authenticate using OpenId/OAuth2 operationId: createAuthMethodOauth2 parameters: - type: string description: Auth Method name name: name in: query required: true - type: string description: Access expiration date in Unix timestamp (select 0 for access without expiry date) name: access-expires in: query required: false - type: string description: A CIDR whitelist of the IPs that the access is restricted to name: bound-ips in: query required: false - type: string description: The client ids that the access is restricted to name: bound-clients-ids in: query required: true - type: string description: Issuer URL name: issuer in: query required: true - type: string description: The URL to the JSON Web Key Set (JWKS) that contains the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server. name: jwks-uri in: query required: true - type: string description: The audience in the JWT name: audience in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /create-auth-method-ldap: post: description: |- Create a new Auth Method that will be able to authenticate using LDAP Options: name - Auth Method name access-expires - Access expiration date in Unix timestamp (select 0 for access without expiry date) bound-ips - A CIDR whitelist of the IPs that the access is restricted to public-key-file-path - A public key generated for LDAP authentication method on Akeyless [RSA2048] token - Access token summary: Create a new Auth Method that will be able to authenticate using LDAP operationId:
createAuthMethodLdap parameters: - type: string description: Auth Method name name: name in: query required: true - type: string description: Access expiration date in Unix timestamp (select 0 for access without expiry date) name: access-expires in: query required: false - type: string description: A CIDR whitelist of the IPs that the access is restricted to name: bound-ips in: query required: false - type: string description: A public key generated for LDAP authentication method on Akeyless [RSA2048] name: public-key-file-path in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /create-auth-method-saml: post: description: |- Create a new Auth Method that will be able to authenticate using SAML Options: name - Auth Method name access-expires - Access expiration date in Unix timestamp (select 0 for access without expiry date) bound-ips - A CIDR whitelist of the IPs that the access is restricted to idp-metadata-url - IDP metadata url token - Access token summary: Create a new Auth Method that will be able to authenticate using SAML operationId: createAuthMethodSaml parameters: - type: string description: Auth Method name name: name in: query required: true - type: string description: Access expiration date in Unix timestamp (select 0 for access without expiry date) name: access-expires in: query required: false - type: string description: A CIDR whitelist of the IPs that the access is restricted to name: bound-ips in: query required: false - type: string description: IDP metadata url name: idp-metadata-url in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref:
'#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /get-auth-method: post: description: |- Returns information about the Auth Method Options: name - Auth Method name token - Access token summary: Returns information about the Auth Method operationId: getAuthMethod parameters: - type: string description: Auth Method name name: name in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /list-auth-methods: post: description: |- Returns a list of all the Auth Methods in the account Options: token - Access token summary: Returns a list of all the Auth Methods in the account operationId: listAuthMethods parameters: - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /delete-auth-method: post: description: |- Delete the Auth Method Options: name - Auth Method name token - Access token summary: Delete the Auth Method operationId: deleteAuthMethod parameters: - type: string description: Auth Method name name: name in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403':
$ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /create-role: post: description: |- Creates a new role Options: name - Role name comment - Comment about the role token - Access token summary: Creates a new role operationId: createRole parameters: - type: string description: Role name name: name in: query required: true - type: string description: Comment about the role name: comment in: query required: false - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /get-role: post: description: |- Get role details Options: name - Role name token - Access token summary: Get role details operationId: getRole parameters: - type: string description: Role name name: name in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /update-role: post: description: |- Update role details Options: name - Role name new-name - New Role name new-comment - New comment about the role token - Access token summary: Update role details operationId: updateRole parameters: - type: string description: Role name name: name in: query required: true - type: string description: New Role name name: new-name in: query required: false - type: string description: New comment about the role name: new-comment in: query required: false - type: string description: Access token name: token in: query required: true responses: 
'200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /list-roles: post: description: |- Returns a list of all roles in the account Options: token - Access token summary: Returns a list of all roles in the account operationId: listRoles parameters: - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /delete-role: post: description: |- Delete a role Options: name - Role name token - Access token summary: Delete a role operationId: deleteRole parameters: - type: string description: Role name name: name in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /set-role-rule: post: description: |- Set a rule to a role Options: role-name - The role name to be updated path - The path the rule refers to capability - List of the approved/denied capabilities in the path options- [read, create, update, delete, list, deny] token - Access token summary: Set a rule to a role operationId: setRoleRule parameters: - type: string description: The role name to be updated name: role-name in: query required: true - type: string description: The path the rule refers to name: path in: query required: true - type: string description: List of the approved/denied capabilities in 
the path options- [read, create, update, delete, list, deny] name: capability in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /delete-role-rule: post: description: |- Delete a rule from a role Options: role-name - The role name to be updated path - The path the rule refers to token - Access token summary: Delete a rule from a role operationId: deleteRoleRule parameters: - type: string description: The role name to be updated name: role-name in: query required: true - type: string description: The path the rule refers to name: path in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /assoc-role-am: post: description: |- Create an association between role and auth method Options: role-name - The role name to associate am-name - The auth method name to associate sub-claims - key/val of sub claims, ex. group=admins,developers token - Access token summary: Create an association between role and auth method operationId: assocRoleAm parameters: - type: string description: The role name to associate name: role-name in: query required: true - type: string description: The auth method name to associate name: am-name in: query required: true - type: string description: key/val of sub claims, ex. 
group=admins,developers name: sub-claims in: query required: false - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /delete-assoc: post: description: |- Delete an association between role and auth method Options: assoc-id - The association id to be deleted token - Access token summary: Delete an association between role and auth method operationId: deleteAssoc parameters: - type: string description: The association id to be deleted name: assoc-id in: query required: true - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /configure: post: description: |- Configure client profile. Options: access-id - Access ID access-key - Access Key access-type - Access Type (api_key/azure_ad/okta_saml/ldap) ldap_proxy_url - Address URL for ldap proxy (relevant only for access-type=ldap) azure_ad_object_id - Azure Active Directory ObjectId (relevant only for access-type=azure_ad) summary: Configure client profile. 
operationId: configure parameters: - type: string description: Access ID name: access-id in: query required: true - type: string description: Access Key name: access-key in: query required: false - type: string description: Access Type (api_key/azure_ad/okta_saml/ldap) name: access-type in: query required: false - type: string description: Address URL for ldap proxy (relevant only for access-type=ldap) name: ldap_proxy_url in: query required: false - type: string description: Azure Active Directory ObjectId (relevant only for access-type=azure_ad) name: azure_ad_object_id in: query required: false responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /unconfigure: post: description: |- Remove Configuration of client profile. Options: token - Access token summary: Remove Configuration of client profile. 
operationId: unconfigure parameters: - type: string description: Access token name: token in: query required: true responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' /auth: post: description: |- Authenticates to the service and returns a token to be used as a profile to execute the CLI without the need for re-authentication Options: access-id - Access ID access-type - Access Type (api_key/okta_saml/ldap) access-key - Access key (relevant only for access-type=api_key) ldap_proxy_url - Address URL for LDAP proxy (relevant only for access-type=ldap) summary: Authenticates to the service and returns a token to be used as a profile to execute the CLI without the need for re-authentication operationId: auth parameters: - type: string description: Access ID name: access-id in: query required: true - type: string description: Access Type (api_key/okta_saml/ldap) name: access-type in: query required: false - type: string description: Access key (relevant only for access-type=api_key) name: access-key in: query required: false - type: string description: Address URL for LDAP proxy (relevant only for access-type=ldap) name: ldap_proxy_url in: query required: false responses: '200': $ref: '#/responses/Response' '400': $ref: '#/responses/BadRequestResponse' '401': $ref: '#/responses/UnauthorizedResponse' '403': $ref: '#/responses/ForbiddenResponse' '404': $ref: '#/responses/NotFoundResponse' default: $ref: '#/responses/ErrorResponse' definitions: ErrorReplyObj: description: Response with error description type: object properties: error: description: Internal error code type: string message: description: Error message type: string ReplyObj: description: Base response type: object properties: command: type: string response: type: object items: type: string status:
type: string token: type: string responses: BadRequestResponse: description: Invalid request schema: $ref: '#/definitions/ErrorReplyObj' ErrorResponse: description: Unspecified error in request schema: $ref: '#/definitions/ErrorReplyObj' ExpectationFailedResponse: description: Invalid request schema: $ref: '#/definitions/ErrorReplyObj' ForbiddenResponse: description: Forbidden access schema: $ref: '#/definitions/ErrorReplyObj' NotFoundResponse: description: Item not found schema: $ref: '#/definitions/ErrorReplyObj' Response: description: response schema: $ref: '#/definitions/ReplyObj' UnauthorizedResponse: description: Unauthorized access schema: $ref: '#/definitions/ErrorReplyObj'