Creating and Updating a Static Secret

Deeper Dive

For more in-depth information, check out our detailed documentation on the following topics:

Static Secrets

Need any help?

If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.

Below is a text-only guide for users based on the above video

What is a Static Secret?

A static secret is a key/value pair. Typical examples are passwords, API tokens, and Personally Identifiable Information (PII). Static secrets are generally updated infrequently, and each update is made manually.

Secrets can be created in 3 ways:

  • Akeyless Web Console
  • Akeyless CLI
  • Automation/Scripts

We will go through the first two for now.

Creating a Static Secret via the UI

Choose ‘New’ → ‘Static Secret’ in the Secrets & Keys menu.

Enter the Name and Value of the Secret. Optionally, add a Location (virtual folder) in which to place the Secret.

The new Secret will appear within that folder or in the main directory, depending on where you created the Secret.

You will see the secret within the directory in which it was created.

Fetching a Static Secret via the UI

To fetch a static secret inside the Akeyless UI, click on the eye symbol to decrypt and display the value. You can also choose to copy the value to the clipboard.

Updating and Rolling Back a Static Secret via the UI

To update a static secret value, click on the pencil icon next to the value and enter your new value. This will create a new version of the static secret. Ensure you choose the option to "Keep Previous Version".

You will now see a new column titled "Versions" at the top. To roll back the secret to a previous version, click into that section and click on the clock icon, then Restore.

Once that's done, it will create a third version that matches the version you rolled back to.

Creating a Static Secret via the CLI

Open your terminal and ensure you have the CLI installed (How to Install CLI).

Run the below command in your terminal, replacing [folder_name], [secret_name], and [secret_value]. You can use -n or --name interchangeably.

akeyless create-secret -n /[folder_name]/[secret_name] -v [secret_value]

The output should look like this:

The secret will be created in the directory you chose, as seen in the image below.

Fetching a Static Secret via the CLI

To fetch a secret, run the below command in your terminal, replacing [folder_name] and [secret_name].

akeyless get-secret-value -n /[folder_name]/[secret_name]

The output should look like this:

Updating and Rolling Back a Static Secret via the CLI

To update a secret, run the below command in your terminal, replacing [folder_name], [secret_name], and [new-value]. Use the --keep-prev-version=true flag to ensure you can roll back the secret value.

akeyless update-secret-val -n /[folder_name]/[secret_name] -v [new-value] --keep-prev-version=true

The output should look like this:

You can now view the updated secret by running the normal akeyless get-secret-value command:

If you want to see more information about the secret as well as previous values, you can run the following command:

akeyless describe-item -n /[folder_name]/[secret_name] --show-versions

The output should look like this:

You can also see any previous version by running the following command:

akeyless get-secret-value -n /[folder_name]/[secret_name] --version [number]

The output should look like this:

To roll back a value, run the following command:

akeyless rollback-secret -n /[folder_name]/[secret_name] --old-version [number]

The output should look like this:

And when you run the akeyless get-secret-value command again, you get the output of the secret after it was rolled back. This rollback process creates a new version of the secret that matches the value you chose to roll back to.
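The update and rollback commands above can be combined into a guarded rotation. The following is an added example, not part of the original Akeyless guide: a shell function that updates a secret with --keep-prev-version=true, runs a check supplied by the caller, and restores the given version if the check fails. It assumes the akeyless CLI is installed and authenticated; the function name rotate_secret, its exit codes and the check command are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the Akeyless docs): rotate a static secret, then
# roll back automatically if a caller-supplied check fails.
# Assumptions: the akeyless CLI is installed and authenticated; rotate_secret,
# its exit codes and the check command are hypothetical names for this sketch.
#
# Usage: rotate_secret <name> <version-to-restore> <check-cmd> [args...]
# The new value is read from stdin so it never lands in shell history.
# It is still passed to the CLI with -v, as in the guide, so it is visible
# in the process argument list while the command runs.
rotate_secret() {
  local name="$1" restore="$2" new_value=""
  if [ "$#" -lt 3 ] || [ -z "$name" ]; then
    echo "usage: rotate_secret <name> <version> <check-cmd> [args...]" >&2
    return 2
  fi
  shift 2
  # The version number comes from `akeyless describe-item --show-versions`.
  case "$restore" in
    ''|*[!0-9]*) echo "version must be a number" >&2; return 2 ;;
  esac
  # Read one line; a final line without a trailing newline is accepted.
  IFS= read -r new_value || true
  [ -n "$new_value" ] || { echo "no secret value on stdin" >&2; return 2; }

  # Keep the previous version so the rollback below has something to restore.
  akeyless update-secret-val -n "$name" -v "$new_value" \
    --keep-prev-version=true >/dev/null || return 1

  # Run the caller's check (e.g. a login test using the new credential).
  if "$@" </dev/null; then
    return 0
  fi
  echo "check failed; restoring $name to version $restore" >&2
  akeyless rollback-secret -n "$name" --old-version "$restore" >/dev/null \
    || return 4   # rollback itself failed: needs manual attention
  return 3        # rotation rejected, previous value restored
}

# When executed as a script with arguments, run the rotation directly.
if [ "$#" -ge 3 ]; then
  rotate_secret "$@"
fi
```

Exit code 3 means the new value was rejected and the chosen version was restored; as the guide notes, that rollback is itself stored as a new version.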