diff --git a/docs/Advanced Functionality/analytics.md b/docs/Advanced Functionality/analytics.md index a4c28ed42..88b9209fd 100644 --- a/docs/Advanced Functionality/analytics.md +++ b/docs/Advanced Functionality/analytics.md @@ -21,6 +21,8 @@ The main screen tab provides information about items, such as Secrets and Keys w The user can change the timeframe for which the data is presented. +Usage Reports include a contract start date indicator for the requested product. + ![Illustration for: Request volume in the allocated timeframe](https://files.readme.io/7469f53-Screenshot_at_Nov_23_14-36-38.png) Navigate to the **Certificates** tab to get an immediate overview of your certificate's status with additional details on future expiration. diff --git a/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md b/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md index 61e7b3c9f..742f24024 100644 --- a/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md +++ b/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md @@ -112,6 +112,21 @@ globalConfig: - admin ``` +`allowedAccessPermissions` also supports wildcard matching in `access_id`. +Use `*` to apply a permission set to any access ID. + +```yaml values.yaml +globalConfig: + allowedAccessPermissions: + - name: Default read-only + access_id: "*" + permissions: + - defaults + - general +``` + +In this example, all users in the current account can perform actions on this Gateway according to their existing RBAC permissions. For example, if a user has RBAC permissions to create Dynamic Secrets or Rotated Secrets for a specific path, they can create items associated with this Gateway for that path. + ## Permission Scope Guidance Use the minimum permissions required for each operational role. 
diff --git a/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md b/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md index 6fea772e7..eeb27fad2 100644 --- a/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md +++ b/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md @@ -343,6 +343,8 @@ metricsExistingSecret: encryptionKeyExistingSecret: ``` +When using `allowedAccessPermissions`, wildcard access IDs are supported with `access_id: "*"`. + More options for using K8s Secrets can be found directly within the chart values file. ### Gateway Image Defaults and Override diff --git a/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md b/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md index 2bd522f6c..9c24ef0fb 100644 --- a/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md +++ b/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md @@ -147,6 +147,8 @@ AWS IAM can be used in the following approaches: In both cases, provide your [AWS IAM](https://docs.akeyless.io/docs/auth-with-aws) Authentication Method's Access ID as your `gatewayAccessId`, and at least one other Access ID in the `allowedAccessPermissions` section to provide human users access to [manage your Gateway](https://docs.akeyless.io/docs/gateway-deploy-kubernetes-helm): +`allowedAccessPermissions` also supports wildcard access IDs with `access_id: "*"`. For details, see [Authentication and Access](https://docs.akeyless.io/docs/gateway-authentication-and-access). + ```yaml values.yaml globalConfig: gatewayAuth: diff --git a/docs/Getting Started/release-notes.md b/docs/Getting Started/release-notes.md index 79d77473e..894bdb831 100644 --- a/docs/Getting Started/release-notes.md 
+++ b/docs/Getting Started/release-notes.md @@ -7,4 +7,4 @@ link: url: https://updates.akeyless.io/ metadata: robots: index ---- \ No newline at end of file +--- diff --git a/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md b/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md index 64219b995..2965a118c 100644 --- a/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md +++ b/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md @@ -239,6 +239,14 @@ akeyless target create db \ `--ssl-certificate`: SSL CA certificate in Base64 encoding generated from a trusted Certificate Authority (CA) +`--enable-mtls[=false]`: Enable/Disable mTLS [true/false]. Relevant only when `--ssl=true` + +`--client-certificate`: Client certificate in Base64 format. Relevant only when `--enable-mtls=true` + +`--client-private-key`: Client private key in Base64 format. Relevant only when `--enable-mtls=true` + +`--client-key-passphrase`: Optional private key passphrase. Relevant only when `--enable-mtls=true` + `--snowflake-account`: Snowflake account name `--oracle-service-name`: Oracle DB service name diff --git a/docs/Secrets Management/targets/database-targets.md b/docs/Secrets Management/targets/database-targets.md index f2d59a015..51b54e209 100644 --- a/docs/Secrets Management/targets/database-targets.md +++ b/docs/Secrets Management/targets/database-targets.md @@ -56,7 +56,11 @@ akeyless target create db \ --host \ --port \ --user-name \ ---db-name +--db-name \ +--ssl[=true] \ +--enable-mtls[=true] \ +--client-certificate \ +--client-private-key ``` ```shell PostgreSQL akeyless target create db \ @@ -66,7 +70,11 @@ akeyless target create db \ --host \ --port \ --user-name \ ---db-name +--db-name \ +--ssl[=true] \ +--enable-mtls[=true] \ +--client-certificate \ +--client-private-key ``` ```shell MSSQL akeyless target create db \ 
@@ -177,9 +185,17 @@ For more information, [read here](https://docs.akeyless.io/docs/gateway-zero-kno **DB Name:** Target database name. -**SSL:** Check to enable SSL, requires SSL certificate. +**SSL:** Check to enable SSL. + +**DB Server Certificate:** Optional. Set of root certificate authorities in Base64 encoding used by clients to verify server certificates. + +**mTLS:** Enable mTLS to present a client certificate and key during authentication. + +**Client Certificate:** Client certificate in Base64 format. Relevant only when **mTLS** is enabled. -**DB Server Certificate:** Set of root certificate authorities in Base64 encoding used by clients to verify server certificates. +**Client Private Key:** Client private key in Base64 format. Relevant only when **mTLS** is enabled. + +**Client Private Key Passphrase:** Optional passphrase for the client private key. Relevant only when **mTLS** is enabled. **DB Server Name:** The server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address @@ -204,7 +220,17 @@ For more information, [read here](https://docs.akeyless.io/docs/gateway-zero-kno **DB Name:** Target database name. -**SSL:** Check to enable SSL, requires SSL certificate. +**SSL:** Check to enable SSL. + +**DB Server Certificate:** Optional. Set of root certificate authorities in Base64 encoding used by clients to verify server certificates. + +**mTLS:** Enable mTLS to present a client certificate and key during authentication. + +**Client Certificate:** Client certificate in Base64 format. Relevant only when **mTLS** is enabled. + +**Client Private Key:** Client private key in Base64 format. Relevant only when **mTLS** is enabled. + +**Client Private Key Passphrase:** Optional passphrase for the client private key. Relevant only when **mTLS** is enabled. Click **Finish**.
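Review bot: In docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md (hunk @@ -112,6 +112,21), the example entry is named `Default read-only`, but the paragraph after it says users matched by `access_id: "*"` can create Dynamic Secrets or Rotated Secrets on this Gateway when their RBAC allows it, which is not read-only. Rename the entry to reflect what `defaults` and `general` grant, or adjust the paragraph so the two agree. Because this lands directly above "Permission Scope Guidance" (minimum permissions per role), that section should also say which permission sets are appropriate to pair with a wildcard. The sentence "Use `*` to apply a permission set to any access ID" should state up front that the match is limited to the current account, which only the closing paragraph mentions.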
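Review bot: In gateway-kubernetes-helm-values-reference.md (hunk @@ -343,6 +343,8), the new `allowedAccessPermissions` sentence is placed between the `metricsExistingSecret:` / `encryptionKeyExistingSecret:` block and "More options for using K8s Secrets can be found directly within the chart values file", so it interrupts the existing-secrets section with an unrelated topic. Move it to the part of this reference that documents `allowedAccessPermissions`, and link to the Authentication and Access page as the index.md hunk does, so the wildcard behaviour is explained in one place.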
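Review bot: In gateway-deploy-kubernetes-helm/index.md (hunk @@ -147,6 +147,8), the added wildcard sentence is inserted between the lead-in that ends with "to [manage your Gateway](...):" and the `yaml values.yaml` block that the colon introduces, so the lead-in no longer points at its example. Place the sentence after the code block. The lead-in asks for "at least one other Access ID" for human users, so the added text should also say whether `access_id: "*"` is meant to satisfy that requirement or to be used in addition to explicit IDs.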
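Review bot: In cli-ref-targets.md (hunk @@ -239,6 +239,14), only `--client-key-passphrase` is marked "Optional", which leaves it unstated whether `--client-certificate` and `--client-private-key` are required once `--enable-mtls=true`; say so explicitly for both. The new flags use "Base64 format" while the adjacent `--ssl-certificate` entry uses "Base64 encoding"; pick one wording. Since `--client-private-key` and `--client-key-passphrase` take secret material as argument values, a short note on how to supply them without leaving them in shell history would help readers.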
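Review bot: In database-targets.md (hunks @@ -56,7 +56,11 and @@ -66,7 +70,11), the copyable examples now contain `--ssl[=true]` and `--enable-mtls[=true]`, which is synopsis bracket notation rather than a runnable argument, and it disagrees with the CLI reference in this same patch, which documents the flag as `--enable-mtls[=false]`. Write the flags as they would be typed, for example `--ssl=true` and `--enable-mtls=true`. Adding the mTLS flags to the base example for each database also reads as if a client certificate is always needed; consider a separate mTLS variant of the command and leave the basic one unchanged.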
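Review bot: In database-targets.md (hunk @@ -177,9 +185,17), dropping "requires SSL certificate" and marking **DB Server Certificate** as "Optional" leaves the page silent on how the server certificate is verified when SSL is enabled and no certificate is supplied. The unchanged **DB Server Name** line below already refers to hostname verification and InsecureSkipVerify, so readers will want to know the fallback here: state which trust roots are used when the field is empty, or that verification is not performed, so that "Optional" is not read as safe by default.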
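Review bot: In database-targets.md (hunk @@ -204,7 +220,17), a **DB Server Certificate** entry is added without a matching removed line, whereas hunk @@ -177,9 replaces an existing one; confirm that this form actually has that field and that the section does not end up describing it twice. The **mTLS** description "present a client certificate and key during authentication" does not say whether the user name and password are still required alongside the client certificate; one clause would settle it. The UI label **Client Private Key Passphrase** and the CLI flag `--client-key-passphrase` added in this patch are named differently, so a cross-reference between the two would help readers map one to the other.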