Akeyless CLI Changelog: Version: 1.100.0 Date: Mar 21 2024 Feature: - Support password rotator type for Azure rotated secret via the 'rotated-secret' command - Introduce the 'revoke-certificate' command for certificate revocation capabilities. - Introduction of Private CA Certificate Revocation Lists (CRLs) via 'create-pki-issuer' and 'update-pki-issuer' commands. - Added the ability to execute custom commands after certificate provisioning via the 'assoc-target-item' command. - Enable setting maximum versions for Targets, Static Secrets, and Rotated Secrets with 'create--target', 'create-secret', and 'rotated-secret' commands. - Mandate the enabling of secret versions with the 'update-account-settings' command. Bug Fixes: - Resolved an issue related to the password length parameter in the 'dynamic-secret' command. 1.99.0 Date: Mar 4 2024 Feature: - Introduction of a format option for static secrets in the 'create-secret' and 'update-secret-val' commands. - Capability for graceful rotation of AWS rotated secrets in the 'gateway-create-rotated-secret' and 'gateway-update-item' commands. - Inclusion of a 'host' option in the update of temporary credentials via the 'dynamic-secret tmp-creds update' command. - Implementation of support for Hardware Security Module (HSM) integration with the 'gen-customer-fragment' command. - Added support for custom Public Key Infrastructure (PKI) extensions in the 'create-pki-cert-issuer', 'update-pki-cert-issuer', and 'get-pki-certificate' commands. - Added support for kubernetes dynamic secret local caching with the 'dynamic-secret get-value' command. - Enhanced GitHub dynamic secret to determine installation ID using organization name via the 'dynamic-secret create github' command. - Replacing 'gateway-create-rotated-secret' command with new 'rotated-secret' command with sub-commands for each rotated secret. 1.98.0 Date: Feb 22 2024 Feature: - Introducing event forwarder commands with new 'event-forwarder' command with sub-commands for each event forwarder type - Introducing webhook event forwarder sub-commands with the new 'event-forwarder' command - Added 'password-length' option to allow setting the password length for rotated secrets ('gateway-create-rotated-secret', 'gateway-update-item' commands) - Added support to retrieve multiple versions of the same secret ('get-secret-value' command) - Added support for LDAP rotated Secret with Web SRA option ('gateway-create-rotated-secret', 'update-rotated-secret' commands) 1.97.0 Date: Feb 15 2024 Feature: - Added support for GoDaddy as a public Certificate Authority (CA) target, introducing 'create-godaddy-target' and 'update-godaddy-target' commands. - Introduced the capability to set a configurable maximum Time-To-Live (TTL) for Dynamic Secrets and to adjust the maximum rotation interval for Rotating Secrets with the 'update-account-settings' command. Miscellaneous: - Enabled the exec into pods via a Kubernetes tunnel when using the 'connect' command. Bug Fixes: - Resolved a timeout issue associated with the 'connect' command. 1.96.0 Date: Feb 7 2024 Feature: - Added product types option to auth methods commands - Support automatic extraction of hosts from an SRA Target for LDAP Rotated Secrets ('assoc-target-item', 'gateway-create-rotated-secret', 'gateway-update-rotated-secret' commands) - Introducing new OCI (Oracle Cloud Infrastructure) auth method ('create-auth-method-oci', 'update-auth-method-oci' commands) - A new 'password-length' parameter is added to the dynamic-secret commands, enabling the customization of temporary password lengths for dynamic secrets - Replacing 'gateway-<>-producer-<>' commands with new 'dynamic-secret' command with sub-commands for each dynamic secret - Replacing 'gateway-start-producer' & 'gateway-stop-producer' commands with 'set-item-state' command 1.95.0 Date: Jan 30 2024 Feature: - Added a new 'provision-certificate' command for Certificate Provisioning - Added several supporting options for the Certificate Provisioning functionality ('assoc-target-item' commands) - Added a new 'renew-certificate' command Certificate Renewal operations 1.94.0 Date: Jan 25 2024 Feature: - Added 'update-mode' option to skip or update existing passwords ('import-passwords', command) - Added 'k8s-tunnel' option to create a tunnel to a k8s cluster with a dynamic port ('connect' command) - Added 'description' option to Auth Methods ('create-auth-method-*' and 'update-auth-method-*' commands) 1.93.0 Date: Jan 21 2024 Feature: - Added 'generate-key' option to dynamically generate ssh key pair for every session ('connect' command) - Added 'event-center-access' and 'event-forwarders-access' options to allow event center access and event forwarder management ('create-role', 'update-role' commands) - Support providing a prehashed message to sign ('sign-ecdsa', 'sign-pkcs1', 'ssign-rsassa-pss' commands) - Support hash function selection and input format ('sign-pkcs1' command) - Added 'change-event' option for triggering an event when a Static Secret value has changed ('create-secret', 'update-item' commands) 1.92.0 Date: Jan 8 2024 Feature: - Added SSL support for Cassandra DB Dynamic Secret ('gateway-create-producer-cassandra', 'gateway-update-producer-cassandra' commands) Miscellaneous: - Support changing the type of Linked Targets without a Parent Target ('create-linked-target', 'update-linked-target' commands) 1.91.0 Date: Jan 2 2024 Feature: - Adding last-version option to verify the exact version the client expects before updating ('update-secret-val' command) - Support filtering by Users Group in Server-Inventory Migration ('gateway-create-migration', 'gateway-update-migration' commands) Bug Fixes: - Fixed issue with exporting public key of RSA and PGP keys ('export-classic-key' command) - Improve certificate format for RSA keys ('describe-item' command) 1.90.0 Date: Dec 20 2023 Feature: - Renaming ESM to Universal Secrets Connector ('create-usc', 'usc' commands) - Support Certificate extensions for asymmetric DFC & Classic Keys as part of Self-Signed Certificate issuing ('create-key', 'create-dfc-key', 'create-classic-key' commands) Miscellaneous: - Support case-sensitivity for sub-claims in Gateway's Access ('gateway-create-allowed-access', 'gateway-update-allowed-access' commands) - Support Azure AD Workload Identity as part of Azure AD authentication ('auth' command) - Disable issuer validation by default when creating a new K8s config ('gateway-create-k8s-auth-config', 'gateway-update-k8s-auth-config' commands) Bug Fixes: - Fixed the update of Rotated Secret protection key ('update-rotated-secret' command) 1.89.0 Date: Dec 11 2023 Feature: - Active Directory migration, added filtering and discovery options ('gateway-create-migration', 'gateway-update-migration' commands) Miscellaneous: - Allow creating Rotated Secrets without an initial secret value - Support generating CSRs for DFC keys ('generate-csr' command) - Support updating Classic Key's certificate without rotating it ('update-classic-key-certificate' command) - Active Directory discovery, added the associated windows services to the describe-item output ('describe-item' command) 1.88.0 Date: Nov 27 2023 Feature: - Allow signing of PKI certificates with ECDSA keys ('get-pki-certificate' command) - Support using hosts from SSH Targets for SRA in SSH Cert Issuer ('create-ssh-cert-issuer' and 'update-ssh-cert-issuer' commands) - Support deleting of multiple secrets in one command ('delete-items' command) - Support configuring Usage Event notification in the Account Settings ('update-account-settings' command) 1.87.0 Date: Nov 14 2023 Feature: - Support JWT authentication for ServiceNow forwarder ('create-event-forwarder' and 'update-event-forwarder' commands) Miscellaneous: - Updated the default encryption split-level to 3 ('upload-rsa' and 'upload-pkcs12' commands) 1.86.0 Date: Oct 25 2023 Feature: - Support Certificate Authentication using Keychain & Certificate Store ('auth' command) - Support ECDSA signing ('sign-ecdsa' and 'verify-ecdsa' commands) - Support RSASSA-PSS signing ('sign-rsassa-pss' and 'verify-rsassa-pss' commands) 1.85.0 Date: Oct 4 2023 Feature: - Support authenticating to Microsoft Azure SQL (MS-SQL target) using a Service Principal ('create-db-target', 'update-db-target' commands) - Support defining sub-claims delimiters for OIDC, SAML, OAuth2 Auth methods ('create-auth-method-saml', 'update-auth-method-saml', 'create-auth-method-oidc', 'update-auth-method-oidc', 'create-auth-method-oauth2', 'update-auth-method-oauth2') Miscellaneous: - Added 'gateway-url' option to support Classic Key creation for CSR generation ('generate-csr' command) - Added 'name' option for the Customer Fragment generation ('gen-customer-fragment' command) 1.84.0 Date: Sep 07 2023 Feature: - Support using client certificate for K8s Authentication Method ('gateway-create-k8s-auth-config', 'gateway-update-k8s-auth-config' commands) - Support using client certificate for K8s authentication via Generic K8s Target ('create-k8s-target', 'update-k8s-target' commands) - Support configuring items naming convention in the Account Settings ('update-account-settings' command) Miscellaneous: - Bug fixes 1.83.0 Date: Aug 23 2023 Miscellaneous: - Added a new 'use-ssh-agent' option to allow setting ssh-agent mode, disabled by default. ('connect' command) - Added a new 'usage-reports-access' option to grant access to the Usage Reports in the Console WebUI ('create-role', 'update-role' commands). - Bug fixes 1.82.1 Date: Jul 30 2023 Miscellaneous: - Support password with asterisk ('auth' and 'configure' commands) - Support AKEYLESS_GATEWAY_URL environment variable ('connect' command) - Fix bug with updating passwords ('update-secret-value' command) - Fix bug with output format ('generate-csr' command) - Minor bug fix 1.82.0 Date: Jul 20 2023 Feature: - New event types and new source types were added to event-forwarder commands ('create-event-forwarder', 'get-event-forwarder', 'update-event-forwarder', 'delete-event-forwarder' commands) - Updated option for auto-pagination to enable/disable automatic pagination ('list-items' command) 1.81.0 Date: Jul 11 2023 Feature: - Adding a new Target type for GlobalSign Atlas CA ('create-globalsign-atlas-target', 'update-globalsign-atlas-target' commands) - Added 'output-format' option to receive output as base64 ('decrypt-pkcs1' command) 1.80.0 Date: Jul 09 2023 Feature: - New command to generate a Certificate Signing Request ('generate-csr' command) 1.79.0 Date: Jul 5 2023 Feature: - Added a new command to create Email Auth-Methods ('create-auth-method-email' command) - Added a new 'is-ca' option (true/false) to set the basic constraints extension in the certificate ('create-pki-cert-issuer', 'update-pki-cert-issuer' commands) 1.78.0 Date: Jun 26 2023 Feature: - Support association of Linked-Targets with Rotated Secrets ('create-rotated-secret', 'update-rotated-secret' commands) - Added a new 'host' option to retrieve a Rotated Secret value when using Linked-Targets ('get-rotated-secret-value' command) - Added a new 'default-key-name' option to set a Default Protection Key at the account level ('update-account-settings' command) 1.77.0 Date: Jun 19 2023 Feature: - Added a new 'items-deletion-protection' option to enable/disable item delete protection at the account level ('update-account-settings' command) Miscellaneous: - Adding new types of Classic Keys: AES128CBC, AES256CBC ('create-classic-key' command) - Update password related parameter names ('create-secret', 'update-secret-val' commands) - Fix bug with CSV header changes ('import-passwords' command) 1.76.0 Date: Jun 5 2023 Feature: - Added environment variables to allow providing a trusted ca-cert when working in Gateway mode ('AKEYLESS_TRUSTED_TLS_CERTIFICATE_FILE', 'AKEYLESS_TRUSTED_TLS_CERTIFICATE_DATA' environment variables) Miscellaneous: - Performance improvements for list-items with a lot of items ('list-items' command) 1.75.0 Date: May 17 2023 Feature: - Added support to receive 'access-token', 'refresh-token' and 'client-id' for Venafi TPP ('gateway-create-producer-certificate-automation' and 'gateway-update-producer-certificate-automation' commands) - Added new certificate related options to support self-signed certificates ('create-key', 'create-dfc-key' and 'create-classic-key' commands) - New command to allow creating keys from Static Secrets values ('derive-key' command) 1.74.0 Date: May 11 2023 Feature: - New command to allow programmatic deletion of a Gateway cluster ('delete-gateway-cluster' command) - Added a new 'sra-only' option to filter by items with SRA functionality enabled ('list-items' command) - Support RDP authentication in Static Secret for SRA access ('create-secret' and 'update-item' commands) - Added Automatic Migration support for Server Inventory sub-commands ('gateway-migration-create' and 'gateway-migration-update' commands) - Added the username in the response of Password items ('get-secret-value' command) Miscellaneous: - Update Active Directory required parameters - option 'ad-user-groups' is no longer required ('gateway-migration-create' and 'gateway-migration-update' commands) - Bug fixes 1.73.0 Date: May 03 2023 Feature: - Adding a new Target type: Windows Target (using WinRM to access remote Windows machines) ('create-windows-target' and 'update-windows-target' commands) - RDP Rotated Secret for Windows Target (`create-rotated-secret` and 'update-rotated-secret' commands) - Active Directory migration support for Windows Target ('gateway-migration-create' and 'gateway-migration-update' commands) - Add support to upload certificate in multiple formats: pem,cer,crt,pfx,p12 (in 'create-certificate', 'update-certificate-value' and 'get-certificate-value' commands) - New command to list rotated secrets per gateway ('gateway-list-rotated-secrets' command) - Adding ability to export only Public Key ('export-classic-key' command) - Outputs public key when it's available ('create-classic-key' command) Miscellaneous: - Bug fixes 1.72.0 Date: Apr 18 2023 Feature: - Added 'artifact-repository' option for alternative repo of the cli binary ('update' command) - Adding a new Target type for GlobalSign CA ('create-globalsign-target', 'update-globalsign-target' commands) Miscellaneous: - Bug fixes 1.71.0 Date: Apr 4 2023 Feature: - New and updated options ('signer-key-name', 'ttl') to support Public CA integration ('create-pki-cert-issuer', 'get-certificate-value' commands) - Adding a new Target type ZeroSSL ('create-zerossl-target' command) 1.70.0 Date: Mar 22 2023 Features: - New command for HMAC Encryption ('hmac' command) - Support a new Target type Linked Target ('create-linked-target', 'update-linked-target' commands) Miscellaneous: - Bug fixes 1.69.0 Date: Mar 14 2023 Features: - New commands for External Secrets Manager ('create-esm' and 'esm' commands) Miscellaneous: - Security hardening - Bug fixes 1.68.1 Date: Mar 06 2023 Miscellaneous: - Bug fixes ('decrypt-file' command) 1.68.0 Date: Mar 06 2023 Features: - New command for importing Passwords from a CSV file ('import-passwords' command) - New command for exporting a Customer Fragments file from a Gateway ('gateway-download-customer-fragments' command) - Adding 'output-format' option, to select the encryption file format either base64 (default) or raw ('encrypt-file' , 'decrypt-file' commands) 1.67.0 Date: Mar 02 2023 Miscellaneous: - Improve performance of Encryption and Decryption for large files. In addition to supporting Classic Keys ('encrypt-file' and 'decrypt-file' commands) 1.66.2 Date: Feb 27 2023 Miscellaneous: - Fix missing version bug 1.66.0 Date: Feb 26 2023 Features: - Support K8S RBAC for Generic K8S Dynamic Secret, adding the following options: 'k8s-service-account-type', 'k8s-allowed-namespaces', 'k8s-predefined-role-name', 'k8s-predefined-role-type', 'k8s-rolebinding-yaml-def' ('gateway-create-producer-k8s' command) - Adding 'mysql-revocation-statements' for MySQL Dynamic Secret ('gateway-create-producer-mysql' and 'gateway-update-producer-mysql' commands) - Adding 'gateway-details' option to display Gateway information for relevant items ('describe-item' command) Miscellaneous: - Bug Fixes 1.65.0 Date: Feb 12 2023 Features: - New commands for adding/removing Gateway's Allowed Access IDs ('add-gw-access-id', 'delete-gw-access-id' commands) - Support 'api-version' option to define the returned API version of the ExecCreds object ('get-kube-exec-creds' command) Miscellaneous: - Bug Fixes 1.64.2 Date: Jan 24 2023 Miscellaneous: - Fix bug where optional fields of 'alt-names' and 'uri-sans' are mandatory when using CSR ('get-pki-certificate' command) 1.64.1 Date: Jan 24 2023 Features: - Updating 'comment' option to 'description' (related to Target and Role related commands) - Bug fixes 1.64.0 Date: Jan 23 2023 Features: - Adding 'csr-file-path' and 'csr-data-base64' flags to receive a certificate based on a CSR instead of a private/public key ('get-pki-certificate' command) - Adding the ability to add multiple rules to role with a json file ('set-role-rule' command) - Adding 'rotate-after-disconnect' to automatically rotate a secret after SRA session ('create-rotated-secret' and 'update-rotated-secret' commands) - Support a new Target for Ping IdP ('create-ping-target', 'update-ping-target' commands) - Support a new Dynamic Secret for Ping IdP ('gateway-create-producer-ping', 'gateway-update-producer-ping' commands) 1.63.0 Date: Jan 17 2023 Features: - New commands for GPG keys ('encrypt-gpg', 'decrypt-gpg', 'sign-gpg', 'verify-gpg' commands) - Adding 'disable-previous-key-version' option to automatically disable previous key versions (relevant only for Azure Targets) ('assoc-target-item' command) - Replacing 'metadata' option with 'description' to align with WebUI 1.62.0 Date: Jan 11 2023 Features: - New commands for setting or updating the Gateway's TLS certificate and key ('gateway-update-tls-cert') - Adding 'jq-expression' option to manipulate the json output (relevant for all commands with json output) - Adding 'allowed-urls-only' option to display bastion list with just the Allowed-URLs setting ('list-sra-bastions' command) - Bug fixes 1.61.0 Date: Dec 30 2022 Features: - New commands for Certificate Management ('create-certificate', 'get-certificate-value', 'update-certificate-value') 1.60.0 Date: Dec 29 2022 Features: - New commands for Events Notification Forwarders ('create-event-forwarder', 'get-event-forwarder', 'update-event-forwarder', 'delete-event-forwarder' commands) - New Request Access for Static Secrets for non-privileged users ('request-access' command) Miscellaneous: - Added 'ssh-command' option to specify path to SSH executable ('connect' command) 1.59.0 Date: Dec 15 2022 Feature: - Interactive mode updates, copying binary to .akeyless folder (in ~/.akeyless/bin/) Miscellaneous: - Bug fixes (in 'get-cloud-identity' commands) 1.58.0 Date: Dec 7 2022 Feature: - Adding 'jq-expression' option to manipulate the json output ('get-dynamic-secret-value' command) Miscellaneous: - Bug fixes (in 'get-kube-exec-creds' and 'gateway-migrate-personal-items' commands) 1.57.0 Date: Nov 29 2022 Feature: - Adding 'ignore-cache' option to bypass Gateway's cache for specific API requests ('get-rotated-secret-value' command) Miscellaneous: - Bug fixes 1.56.0 Date: Nov 24 2022 Feature: - Adding audience option for authentication flow ('create-auth-method-oidc' and 'update-auth-method-oidc' commands) - Adding a new 'export-classic-key' command - Adding a new 'share-item' command, for sharing items with external users Miscellaneous: - Bug fixes 1.55.0 Date: Nov 17 2022 Feature: - Adding 'ignore-cache' option to bypass Gateway's cache for specific API requests ('get-secret-value' command) - Adding 'cloud-provider' option to specify the Cloud Service Provider ('get-cloud-identity' command) 1.54.0 Date: Oct 26 2022 Feature: - Added multi-region support for Classic Keys in AWS Target ('assoc-target-item' command) - Support dynamic service-accounts with customer role binding in GCP Dynamic Secret ('gateway-create-producer-gcp' command) - Support automatic key-activation for KMIP key creation using 'activate-keys-on-creation' option ('kmip-create-client' command) - Bug fixes 1.53.0 Date: Oct 3 2022 Feature: - Adding a new 'gateway-migrate-personal-items' command, for migration of personal items from an external vault (require gateway version 3.15.0 or above) - Added 'disable-issuer-validation' option to 'gateway-k8s-auth-config' command - Bug fix in LDAP auth method - Support for Active Directory Automatic Migration sub-commands ('gateway-migration-create' and 'gateway-migration-update' commands) 1.52.0 Date: Sep 13 2022 Feature: - Added CBC key types: [ AES128CBC, AES256CBC ] ('create-key' command) - Added 'input-format' option to provide input as base64 ('encrypt' command) - Added 'output-format' option to receive output as base64 ('decrypt' command) - Added a new 'list-gateways' command that returns a list of Gateways - Added a new 'list-sra-bastions' command that returns a list of SRA Bastions 1.51.1 Date: Aug 17 2022 Feature: - Added generate-key option for a automatic key-pair generation ('create-auth-method-ldap', 'update-auth-method-ldap' commands) - Improved input validation and bug fix in LDAP authentication 1.51.0 Date: Aug 07 2022 Feature: - Added AuthFlow option to support JWT auth for salesforce targets ('create-salesforce-target' command) - Supporting item-id and display-id as an alternative identifier to key-name ('describe-item', 'encrypt', 'decrypt', 'sign-pkcs1' and 'verify-pkcs1' commands) 1.50.0 Date: Jul 31 2022 Feature: - Introducing a new command that describe the sub-claims associated with the provided token or cli profile('describe-sub-claims' command) - Supporting Rancher for Kubernetes Auth Method ('gateway-create-k8s-auth-config' and 'gateway-update-k8s-auth-config' commands) 1.49.6 Date: Jul 25 2022 Miscellaneous: - Supporting Password Manager commands ('create-secret' and 'update-secret-val' commands) 1.49.5 Date: Jul 03 2022 Miscellaneous: - Support ssh-legacy-signing-alg option for legacy SSH Certificate signing algorithm ('connect' command) - Bug fix 1.49.4 Date: Jun 28 2022 Miscellaneous: - Adjustments to command options ('create-tokenizer' and 'update-tokenizer' commands) 1.49.3 Date: Jun 26 2022 Miscellaneous: - Support Delete Protection option for Dynamic Secret producers ('gateway-create-producer-xxx' and 'gateway-update-producer-xxx' commands) - Ability to retrieve the latest Automatic Migration status ('gateway-migration-status' command) 1.49.2 Date: Jun 15 2022 Miscellaneous: - Bug fixes 1.49.1 Date: Jun 13 2022 Miscellaneous: - Fix akeyless connect command to work in Gateway mode 1.49.0 Date: Jun 13 2022 Feature: - Support Delete Protection to prevent accidental deletion of items ('--delete-protection' option in relevant create/update commands) Miscellaneous: - Improvements to the Allowed Client and GW IPs in Auth Methods ('create-auth-method', 'update-auth-method' commands) - Support LDAP auth config for GW ('gateway-update-ldap-auth-config', 'gateway-get-ldap-auth-config' commands) 1.48.0 Date: May 17 2022 Feature: - Support triggering a Rotate Secret Now programmatically ('gateway-rotate-secret' command) 1.47.1 Date: May 12 2022 Feature: - Support Create, Update, Read, and Delete command for Automatic Migration configuration ('gateway-create-migration', 'gateway-update-migration', 'gateway-get-migration', 'gateway-delete-migration' commands) 1.47.0 Date: Apr 20 2022 Feature: - Support Unique Identifier for LDAP Authentication Method ('create-auth-method-ldap' command) - Support partial name filtering for listing Targets, Auth-Methods and Access-Roles ('list-targets', 'list-auth-methods', 'list-roles' commands) - Display CLI changelog delta (from current version to the latest) ('akeyless update --show-changelog' command) - Improved supported capabilities list for KMIP server ('kmip-client-set-rule' command) 1.46.0 Date: Apr 11 2022 Feature: - Support for Google Authentication ('auth' and 'configure' commands) - Support for Github Authentication ('auth' and 'configure' commands) - Filter List Auth Methods by Auth Method Type ('list-auth-methods' command) - Support for SAP Hana DB (Dynamic Secret, Rotated Secret and Target) - Support interactive Auth Methods when using CLI in Gateway mode 1.45.25 Date: Mar 28 2022 Miscellaneous: - Support 'akeyless update' in Gateway mode.