akeylesslabs · harrison-akeyless · Apr 29, 2026 · Apr 29, 2026 · Apr 29, 2026 · Apr 29, 2026
diff --git a/docs/Advanced Functionality/analytics.md b/docs/Advanced Functionality/analytics.md
@@ -21,6 +21,8 @@ The main screen tab provides information about items, such as Secrets and Keys w
 
 The user can change the timeframe for which the data is presented.
 
+Usage Reports include a contract start date indicator for the requested product.
+
 ![Illustration for: Request volume in the allocated timeframe](https://files.readme.io/7469f53-Screenshot_at_Nov_23_14-36-38.png)
 
 Navigate to the **Certificates** tab to get an immediate overview of your certificate's status with additional details on future expiration.

diff --git a/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md b/docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md
@@ -112,6 +112,21 @@ globalConfig:
         - admin
 ```
 
+`allowedAccessPermissions` also supports wildcard matching in `access_id`.
+Use `*` to apply a permission set to any access ID.
+
+```yaml values.yaml
+globalConfig:
+  allowedAccessPermissions:
+    - name: Default read-only
+      access_id: "*"
+      permissions:
+        - defaults
+        - general
+```
+
+In this example, all users in the current account can perform actions on this Gateway according to their existing RBAC permissions. For example, if a user has RBAC permissions to create Dynamic Secrets or Rotated Secrets for a specific path, they can create items associated with this Gateway for that path.
+
 ## Permission Scope Guidance
 
 Use the minimum permissions required for each operational role.

diff --git a/...eway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md b/...eway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md
@@ -343,6 +343,8 @@ metricsExistingSecret:
 encryptionKeyExistingSecret:
 ```
 
+When using `allowedAccessPermissions`, wildcard access IDs are supported with `access_id: "*"`.
+
 More options for using K8s Secrets can be found directly within the chart values file.
 
 ### Gateway Image Defaults and Override

diff --git a/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md b/docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/index.md
@@ -147,6 +147,8 @@ AWS IAM can be used in the following approaches:
 
 In both cases, provide your [AWS IAM](https://docs.akeyless.io/docs/auth-with-aws) Authentication Method's Access ID as your `gatewayAccessId`, and at least one other Access ID in the `allowedAccessPermissions` section to provide human users access to [manage your Gateway](https://docs.akeyless.io/docs/gateway-deploy-kubernetes-helm):
 
+`allowedAccessPermissions` also supports wildcard access IDs with `access_id: "*"`. For details, see [Authentication and Access](https://docs.akeyless.io/docs/gateway-authentication-and-access).
+
 ```yaml values.yaml
 globalConfig:
   gatewayAuth:

diff --git a/docs/Getting Started/release-notes.md b/docs/Getting Started/release-notes.md
@@ -7,4 +7,4 @@ link:
   url: https://updates.akeyless.io/
 metadata:
   robots: index
----
+---
diff --git a/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md b/docs/Integrations & Plugins/cli-reference/cli-ref-targets.md
@@ -239,6 +239,14 @@ akeyless target create db \
 
 `--ssl-certificate`: SSL CA certificate in Base64 encoding generated from a trusted Certificate Authority (CA)
 
+`--enable-mtls[=false]`: Enable/Disable mTLS [true/false]. Relevant only when `--ssl=true`
+
+`--client-certificate`: Client certificate in Base64 format. Relevant only when `--enable-mtls=true`
+
+`--client-private-key`: Client private key in Base64 format. Relevant only when `--enable-mtls=true`
+
+`--client-key-passphrase`: Optional private key passphrase. Relevant only when `--enable-mtls=true`
+
 `--snowflake-account`: Snowflake account name
 
 `--oracle-service-name`: Oracle DB service name

diff --git a/docs/Secrets Management/targets/database-targets.md b/docs/Secrets Management/targets/database-targets.md
@@ -56,7 +56,11 @@ akeyless target create db \
 --host <Database host> \
 --port <Database port> \
 --user-name <Database user name> \
---db-name <Database name>
+--db-name <Database name> \
+--ssl[=true] \
+--enable-mtls[=true] \
+--client-certificate <Client certificate in Base64> \
+--client-private-key <Client private key in Base64>
 ```
 ```shell PostgreSQL
 akeyless target create db \
@@ -66,7 +70,11 @@ akeyless target create db \
 --host <Database host> \
 --port <Database port> \
 --user-name <Database user name> \
---db-name <Database name>
+--db-name <Database name> \
+--ssl[=true] \
+--enable-mtls[=true] \
+--client-certificate <Client certificate in Base64> \
+--client-private-key <Client private key in Base64>
 ```
 ```shell MSSQL
 akeyless target create db \
@@ -177,9 +185,17 @@ For more information, [read here](https://docs.akeyless.io/docs/gateway-zero-kno
 
 **DB Name:** Target database name.
 
-**SSL:** Check to enable SSL, requires SSL certificate.
+**SSL:** Check to enable SSL.
+
+**DB Server Certificate:** Optional. Set of root certificate authorities in Base64 encoding used by clients to verify server certificates.
+
+**mTLS:** Enable mTLS to present a client certificate and key during authentication.
+
+**Client Certificate:** Client certificate in Base64 format. Relevant only when **mTLS** is enabled.
 
-**DB Server Certificate:** Set of root certificate authorities in Base64 encoding used by clients to verify server certificates.
+**Client Private Key:** Client private key in Base64 format. Relevant only when **mTLS** is enabled.
+
+**Client Private Key Passphrase:** Optional passphrase for the client private key. Relevant only when **mTLS** is enabled.
 
 **DB Server Name:** The server name is used to verify the hostname on the returned certificates unless InsecureSkipVerify is provided. It is also included in the client's handshake to support virtual hosting unless it is an IP address
 
@@ -204,7 +220,17 @@ For more information, [read here](https://docs.akeyless.io/docs/gateway-zero-kno
 
 **DB Name:** Target database name.
 
-**SSL:** Check to enable SSL, requires SSL certificate.
+**SSL:** Check to enable SSL.
+
+**DB Server Certificate:** Optional. Set of root certificate authorities in Base64 encoding used by clients to verify server certificates.
+
+**mTLS:** Enable mTLS to present a client certificate and key during authentication.
+
+**Client Certificate:** Client certificate in Base64 format. Relevant only when **mTLS** is enabled.
+
+**Client Private Key:** Client private key in Base64 format. Relevant only when **mTLS** is enabled.
+
+**Client Private Key Passphrase:** Optional passphrase for the client private key. Relevant only when **mTLS** is enabled.
 
 Click **Finish**.