Akeyless Integration
GGScout supports integration with Akeyless to collect and monitor your secrets. This guide will help you set up and configure the integration.
Supported Features
- Multiple secret versions collection
- API key authentication
- Regular accessibility mode
- Cross-environment support
Configuration
To configure GGScout to work with Akeyless, add the following configuration to your ggscout.toml
file:
[sources.akeyless]
type = "akeyless"
api_url = "https://api.akeyless.io"
access_id = "${AKEYLESS_ACCESS_ID}"
access_key = "${AKEYLESS_ACCESS_KEY}"
accessibility = "regular"
auth_mode = "apikey"
fetch_all_versions = true
mode = "read"
env = "production"
[[sources.akeyless.include]]
resource_ids = ["/app/*", "/database/*", "/api-key"]
[[sources.akeyless.exclude]]
resource_ids = ["/test/*", "/temp/*", "/old-secret"]
Configuration Parameters
Parameter | Description | Required | Default Value |
---|---|---|---|
type | Must be set to "akeyless" | Yes | |
access_id | Your Akeyless access ID | Yes | |
access_key | Your Akeyless access key | Yes | |
accessibility | Accessibility mode (default: "regular") | No | "regular" |
auth_mode | Authentication mode (e.g., "apikey") | Yes | |
fetch_all_versions | Whether to collect all versions of secrets | Yes | |
mode | Integration mode (one of: "read", "write", "read/write") | No | "read" |
api_url | Akeyless API URL | No | "https://api.akeyless.io" |
env | Environment label for categorizing secrets (e.g., "production", "staging", "development") | No | |
[[sources.<name>.include]] | Table of resource_id patterns to include (see below) | No | |
[[sources.<name>.exclude]] | Table of resource_id patterns to exclude (see below) | No |
Note:
- Use
[[sources.<name>.include]]
and[[sources.<name>.exclude]]
tables to specify multiple include/exclude rules. Each table must have aresource_ids
array. - Patterns support wildcards (*) only at the end for prefix matching. For exact matches, specify the complete name without wildcards.
Authentication
GGScout supports authentication with Akeyless through:
- API Key: Using access ID and access key
- Environment Variables: Using standard Akeyless environment variables
Environment Variables
AKEYLESS_ACCESS_ID
: Your Akeyless access IDAKEYLESS_ACCESS_KEY
: Your Akeyless access key
Best Practices
- Use environment variables for sensitive credentials
- Follow the principle of least privilege for access policies
- Enable
fetch_all_versions
to track changes in your secrets over time - Regularly rotate access keys
- Use separate access IDs for different environments
- Implement proper secret rotation policies
- Monitor access logs for suspicious activity