Edit this page on GitHub

Home > docs > plugins v1 > Akeyless Task

Akeyless Task

The akeyless task allows workflows to interact with various Akeyeless API endpoints.

Usage

To enable the task in a Concord flow, it must be added as a dependency:

configuration:
  dependencies:
  - mvn://com.walmartlabs.concord.plugins:akeyless-task:1.41.0

This adds the task to the classpath and allows you to invoke the task in a flow:

flows:
  default:
    # full task call
    - task: akeyless
      in:
        action: getSecret
        path: "/my-secret"
    # shorthand, public method
    - expr: "${akeyless.getSecret('/my-secret')}"
      out: singleValue

Common Parameters

  • action: Action to perform. One of:
    • createSecret - Create a static secret
    • deleteItem - Delete an item
    • getSecret - Get value for one secret path
    • getSecrets - Get value for multiple secret paths
    • updateSecret - Update a secret’s value
  • apiBasePath - Akeyless API URL
  • debug: optional boolean, enabled extra debug log output for troubleshooting
  • auth - API authentication info

Task Output

The output of the full task call is saved into the result variable as map of secret paths and values.

configuration:
  arguments:
    myPath: "/my-secret"
flows:
  default:
    - task: akeyless
      in:
        action: getSecret
        path: "${myPath}"
    - log: "Don't log secret values: ${result[myPath]}"
    - log: "Same value: ${akeyless.getSecret('/my-secret')}"

The output of public method calls may different depending on the method called. See the documentation for the specific method for output details.

Setting Default Task Parameters

Set a akeylessParams variable to provide a default set of parameters to the task. This is helpful when the task is called multiple time and allows the use of the task’s public methods.

configuration:
  arguments:
    akeylessParams:
      apiBasePath: "https://api.akeyless.io"
      auth:
        apiKey:
          accessId: { org: "Default", name: "dev-akeyless-id" }
          accessKey: { org: "Default", name: "dev-akeyless-key" }

flows:
  default:
    # public methods are more succinct
    - expr: "${akeyless.getSecret('/my-secret')}"
      out: secretData

    # or use the full call to override a default parameter
    - task: akeyless
      in:
        apiBasePath: # override apiBasePath here
        action: getSecret
        # ...

Get Secret Data

Use the getSecret action to get the value of a single secret.

- task: akeyless
  in:
    action: getSecret
    path: "/my-secret"
# 'result' variable now contains:
# {
#   "/my-secret" : "<the-actual-value>"
# }

The task’s public can be used to retrieve only the data when default parameters are set.

- set: # value is just the secret string
    mySecretData: "${akeyless.getSecret('/my-secret')}"

Get Multiple Secrets

Use the getSecrets action to get the values of multiple secrets in one call.

- task: akeyless
  in:
    action: getSecrets
    paths:
      - "/my-first-secret"
      - "/subpath/my-second-secret"
# 'result' variable now contains:
# {
#   "/my-first-secret" : "<the-actual-value1>",
#   "/subpath/my-second-secret" : "<the-actual-value2>"
# }

Create a Secret

Use the createSecret action to create a static secret.

Available parameters:

  • path: name, including full path, of the secret
  • value: secret value
  • description: optional String, description of the secret
  • multiline: optional boolean, The provided value is a multiline value (separated by '\n'). Default is false
  • protectionKey: optional String, The name of a key used to encrypt the secret value (if empty, the account default protection key is used)
  • tags: optional list of String values, List of tags to apply to the secret
- task: akeyless
  in:
    action: createSecret
    path: "/path/to/my-secret"
    value: "don't hardcode this"
    description: "This is my super secret secret"

Update a Secret

Use the upateSecret action to update a secret.

Available parameters:

  • path: name, including full path, of the secret
  • value: secret value
  • multiline: optional boolean, The provided value is a multiline value (separated by '\n'). Default is false
  • protectionKey: optional String, The name of a key used to encrypt the secret value (if empty, the account default protection key is used)
  • keepPreviousVersion: optional boolean, when true keeps the previous version in the secret’s history. Default is true
- task: akeyless
  in:
    action: updateSecret
    path: "/my-secret"
    value: "aNewValue"
    multiline: false
    keepPreviousVersion: false  # default is true

Delete a Secret

Use the deleteItem action to delete an item.

Available parameters:

  • path: name, including full path, of the secret
  • deleteImmediately: optional boolean, when true deletes the item immediately. Default is true
  • deleteInDays: optional number, sets secrets to be deleted after the given number of days
  • version: optional number, specific version to delete. Default is all versions. 0=last version, -1=entire item with all versions
# delete all version of a secret
- task: akeyless
  in:
    action: deleteItem
    path: "/my-secret"

# delete on older version of a secret
- task: akeyless
  in:
    action: deleteItem
    path: "/my-secret"
    version: 2
    deleteImmediately: true # same as default

# mark secret for deletion in 15 days
- task: akeyless
  in:
    action: deleteItem
    path: "/my-secret"
    deleteInDays: 15