Home > docs > plugins v1 > Akeyless Task
The akeyless
task allows workflows to interact with various
Akeyeless API endpoints.
To enable the task in a Concord flow, it must be added as a dependency:
configuration:
dependencies:
- mvn://com.walmartlabs.concord.plugins:akeyless-task:1.44.0
This adds the task to the classpath and allows you to invoke the task in a flow:
flows:
default:
# full task call
- task: akeyless
in:
action: getSecret
path: "/my-secret"
# shorthand, public method
- expr: "${akeyless.getSecret('/my-secret')}"
out: singleValue
Common Parameters
action
: Action to perform. One of:
auth
- Retrieves an API access tokencreateSecret
- Create a static secretdeleteItem
- Delete an itemgetSecret
- Get value for one secret pathgetSecrets
- Get value for multiple secret pathsupdateSecret
- Update a secret’s valueapiBasePath
- Akeyless API URLdebug
: optional boolean
, enabled extra debug log output for troubleshootingaccessToken
- API access token. Supersedes auth
parameterauth
- API authentication info. Used to generate an authentication token when
accessToken
is not provided. Supported authentication methods are:
apiKey
- Details for API Key authentication method
accessId
accessKey
The output of the full task call is saved into the result
variable as map of
secret paths and values.
configuration:
arguments:
myPath: "/my-secret"
flows:
default:
- task: akeyless
in:
action: getSecret
path: "${myPath}"
- log: "Don't log secret values: ${result[myPath]}"
- log: "Same value: ${akeyless.getSecret('/my-secret')}"
The output of public method calls may different depending on the method called. See the documentation for the specific method for output details.
Set a akeylessParams
variable to provide a default set of parameters to the
task. This is helpful when the task is called multiple time and allows the use
of the task’s public methods.
configuration:
arguments:
akeylessParams:
apiBasePath: "https://api.akeyless.io"
auth:
apiKey:
accessId: { org: "Default", name: "dev-akeyless-id" }
accessKey: { org: "Default", name: "dev-akeyless-key" }
flows:
default:
# public methods are more succinct
- expr: "${akeyless.getSecret('/my-secret')}"
out: secretData
# or use the full call to override a default parameter
- task: akeyless
in:
apiBasePath: # override apiBasePath here
action: getSecret
# ...
Use the auth
action to generate an access token from a given authentication method.
- task: akeyless
in:
action: auth
out: result
# 'result' variable now contains:
# {
# "accessToken" : "<the-actual-value>"
# }
Use the getSecret
action to get the value of a single secret.
- task: akeyless
in:
action: getSecret
path: "/my-secret"
# 'result' variable now contains:
# {
# "/my-secret" : "<the-actual-value>"
# }
The task’s public can be used to retrieve only the data when default parameters are set.
- set: # value is just the secret string
mySecretData: "${akeyless.getSecret('/my-secret')}"
Use the getSecrets
action to get the values of multiple secrets in one call.
- task: akeyless
in:
action: getSecrets
paths:
- "/my-first-secret"
- "/subpath/my-second-secret"
# 'result' variable now contains:
# {
# "/my-first-secret" : "<the-actual-value1>",
# "/subpath/my-second-secret" : "<the-actual-value2>"
# }
Use the createSecret
action to create a static secret.
Available parameters:
path
: name, including full path, of the secretvalue
: secret valuedescription
: optional String
, description of the secretmultiline
: optional boolean
, The provided value is a multiline value
(separated by '\n'
). Default is false
protectionKey
: optional String
, The name of a key used to encrypt the
secret value (if empty, the account default protection key is used)tags
: optional list of String
values, List of tags to apply to the secret- task: akeyless
in:
action: createSecret
path: "/path/to/my-secret"
value: "don't hardcode this"
description: "This is my super secret secret"
Use the upateSecret
action to update a secret.
Available parameters:
path
: name, including full path, of the secretvalue
: secret valuemultiline
: optional boolean
, The provided value is a multiline value
(separated by '\n'
). Default is false
protectionKey
: optional String
, The name of a key used to encrypt the
secret value (if empty, the account default protection key is used)keepPreviousVersion
: optional boolean
, when true
keeps the previous version
in the secret’s history. Default is true
- task: akeyless
in:
action: updateSecret
path: "/my-secret"
value: "aNewValue"
multiline: false
keepPreviousVersion: false # default is true
Use the deleteItem
action to delete an item.
Available parameters:
path
: name, including full path, of the secretdeleteImmediately
: optional boolean
, when true
deletes the item
immediately. Default is true
deleteInDays
: optional number
, sets secrets to be deleted after the given
number of daysversion
: optional number
, specific version to delete. Default is all versions.
0
=last version, -1
=entire item with all versions# delete all version of a secret
- task: akeyless
in:
action: deleteItem
path: "/my-secret"
# delete on older version of a secret
- task: akeyless
in:
action: deleteItem
path: "/my-secret"
version: 2
deleteImmediately: true # same as default
# mark secret for deletion in 15 days
- task: akeyless
in:
action: deleteItem
path: "/my-secret"
deleteInDays: 15