Universal Secrets Connector: Multi-Vault Governance
Deeper Dive
For more in-depth information, check out our detailed documentation on the following topics:
Universal Secrets Connector
AWS Universal Secrets Connector
Need any help?
If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.
What is a Universal Secrets Connector?
While Akeyless is built to store, manage, and protect your secrets internally, it can also be used to manage secrets stored in other secret management services such as AWS, GCP, Azure, or Kubernetes.
This can be done seamlessly with the Akeyless Universal Secrets Connector (USC). A connector uses Targets to establish secure logical access to the related services, enabling direct management of those secrets. Each USC item derives its permissions from the identity linked to its Target.
In this tutorial, we will show how to manage AWS Secrets Manager secrets from within Akeyless.
Managing AWS Secrets Manager secrets using Universal Secrets Connector
Using Akeyless Console
Go to Items and choose New -> USC.
Then, choose the service you want to manage secrets from and click "Next".
Important Notes
Cloud Platform USCs are available per region. On Kubernetes, they are available per namespace.
For Kubernetes USCs, a clusterRole and clusterRoleBinding with correct permissions are necessary.
Next, enter the Name, Target, and Gateway and click Finish.
You will then see the details of the Universal Secrets Connector (USC) on the right side. Click the "View All Secrets" button.
You will see a new page open up that will show your secrets within that AWS Region.
You can see the same secret in the AWS account as well.
Create a New Secret Using USC
Next, click the "New Secret" button, give the secret a Name and Value, and click "Save".
Go to your external service (in this case, AWS) and you will see the new secret created.
Update Secret Using USC
To update the secret value, in Akeyless, click on the 3 dots and choose Update.
Then, update your secret value by clicking on the eye symbol and editing it. In this case, we changed "bar" to "bar2".
You can confirm the change in AWS as well.
Delete a Secret Using USC
To delete the secret, in Akeyless, click on the 3 dots next to the secret and choose "Delete". Enter the name of the secret, then click "Delete".
Go back to your external service and confirm the secret was deleted.
Using Akeyless CLI
To create a USC, use the following command and add the Name and Target.
akeyless create-usc -n <name> -a <target name> -u <gateway-url>
To view the secrets saved on your USC, use the following command.
akeyless usc list -n <usc name> -u <gateway-url>
The output should look similar to this.
{
  "secrets_list": [
    {
      "secret_id": "<secret id>",
      "name": "<secret name>",
      "created": "<timestamp>",
      "type": "<type>",
      "status": <activity status, true/false>
    }
  ]
}
To view a secret from your USC, use the following command.
akeyless usc get -n <usc name> -s <secret id or name> -u <gateway-url>
The output should look similar to this.
{
  "value": "<base64 encoded value>",
  "metadata": {
    "created": "<timestamp>",
    "updated": "<timestamp>"
  }
}
To create a new secret in your USC, use the following command.
akeyless usc create -n <usc name> -s <new secret name> -v <secret value> -u <gateway-url>
To update an existing secret in your USC, use the following command.
akeyless usc update -n <usc name> -s <secret id or name> -v <new secret value> -u <gateway-url>
To delete an existing secret in your USC, use the following command.
akeyless usc delete -n <usc name> -s <secret id or name> -u <gateway-url>
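The usc get output shown above returns the secret base64-encoded. As an added example (not part of the Akeyless documentation), the shell helpers below decode that field and confirm an update such as "bar" to "bar2" without printing the secret; the function names, the sample JSON and its timestamps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: helpers for the JSON printed by `akeyless usc get`.
# Function names and the sample document are constructed for illustration.

# Constructed sample in the shape shown above ("bar2", base64-encoded).
SAMPLE_GET_OUTPUT='{
  "value": "YmFyMg==",
  "metadata": {
    "created": "2024-01-01T00:00:00Z",
    "updated": "2024-01-02T00:00:00Z"
  }
}'

# usc_decode_value: read `usc get` JSON on stdin and write the decoded
# secret to stdout. Returns non-zero when the "value" field is missing,
# empty, or not valid base64.
usc_decode_value() {
  # Base64 text never contains quotes or backslashes, so capturing the
  # quoted string with sed is safe for this one field.
  _usc_b64=$(sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$_usc_b64" ] || return 1
  printf '%s' "$_usc_b64" | base64 -d 2>/dev/null
}

# usc_value_matches EXPECTED: compare the decoded secret read from stdin
# with EXPECTED without echoing either value.
# Returns 0 on match, 1 on mismatch, 2 when the output cannot be decoded.
# Note: command substitution drops trailing newlines from the secret.
usc_value_matches() {
  _usc_actual=$(usc_decode_value) || return 2
  [ "$_usc_actual" = "$1" ]
}

# Usage against a real connector (placeholders as in the commands above):
#   akeyless usc get -n <usc name> -s <secret id or name> -u <gateway-url> \
#     | usc_value_matches "$EXPECTED"
```

Because the check is driven by the exit status, it can gate a pipeline step after usc create or usc update without the secret value reaching the job log.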
