What is Akeyless and how does it automate secrets rotation?

Akeyless is a cloud-native SaaS platform for secrets management, privileged access management, and encryption key management. It automates secrets rotation by generating new credentials for privileged accounts (such as admin/root accounts on servers or cloud resources) and resetting them on the target machine. The updated secret is securely stored and can be retrieved when needed. Secrets can be rotated automatically on a schedule (e.g., every 90 days) or manually with a single click. Supported platforms include AWS, Azure, GCP, databases, operating systems (SSH, Windows), and more.

What are dynamic secrets and how do they work in Akeyless?

Dynamic secrets in Akeyless are credentials generated every time they are accessed, based on predefined permissions. These credentials are short-lived and expire after a set time-to-live (TTL), reducing exposure and attack surface. Once the TTL expires, Akeyless deletes the credentials from the target system, ensuring they cannot be reused. Dynamic secrets can be configured for AWS, Azure, GCP, databases, Kubernetes, remote desktop, infrastructure, and certificate automation (Venafi).

How do rotated secrets differ from dynamic secrets in Akeyless?

Rotated secrets are used to protect credentials for privileged accounts by regularly resetting their passwords on the target machine. Akeyless generates a new password, updates it on the target, and stores the new secret securely. Rotation can be scheduled (e.g., every 90 days) or performed manually. Dynamic secrets, in contrast, are generated on-demand and expire after a set TTL, requiring no rotation. Rotated secrets are ideal for accounts that require persistent credentials, while dynamic secrets are best for temporary access.

Which platforms and resources can Akeyless manage secrets for?

Akeyless supports secrets management for a wide range of platforms and resources, including AWS, Azure, GCP, databases, Kubernetes, remote desktop, infrastructure, Venafi (certificate automation), operating systems (SSH, Windows), Docker Hub, LDAP, and web applications. This flexibility allows organizations to secure credentials across cloud, on-premises, and hybrid environments.

Does Akeyless provide an API for integration and automation?

Yes, Akeyless provides a comprehensive API for its platform, enabling secure integration and automation for both human and machine identities. API Keys are supported for authentication. Access the API documentation at docs.akeyless.io/docs.

Where can I find technical documentation and tutorials for Akeyless?

Akeyless offers extensive technical documentation and tutorials, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access these resources at docs.akeyless.io and tutorials.akeyless.io/docs.

What are the key features of Akeyless?

Akeyless offers vaultless architecture, Universal Identity (solving the Secret Zero Problem), Zero Trust Access with granular permissions and Just-in-Time access, automated credential rotation, centralized secrets management, cloud-native SaaS deployment, and out-of-the-box integrations with AWS IAM, Azure AD, Jenkins, Kubernetes, and Terraform. These features help organizations enhance security, reduce operational costs, and streamline workflows.

How does Akeyless address the Secret Zero Problem?

Akeyless solves the Secret Zero Problem by using Universal Identity, which enables secure authentication without storing initial access credentials. This eliminates hardcoded secrets and reduces breach risks, providing a more secure approach to secrets management.

Can Akeyless automate credential rotation for privileged accounts?

Yes, Akeyless automates credential rotation for privileged accounts such as administrator accounts on Windows servers, root accounts on Linux servers, and admin accounts on network devices. Credentials can be rotated automatically on a schedule (e.g., every 90 days) or manually. The platform updates the password on the target machine and securely stores the new secret.

What security and compliance certifications does Akeyless have?

Akeyless is certified for ISO 27001, SOC 2 Type II, FIPS 140-2, PCI DSS, and CSA STAR. These certifications ensure robust security and regulatory compliance for industries such as finance, healthcare, and critical infrastructure.

How does Akeyless protect sensitive data and enforce Zero Trust?

Akeyless uses patented encryption technologies to secure data in transit and at rest. Zero Trust Access is enforced through granular permissions and Just-in-Time access, minimizing standing privileges and reducing unauthorized access risks. Audit and reporting tools track every secret for compliance and regulatory readiness.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Organizations needing secure, scalable, and compliant secrets management and identity security solutions can benefit from Akeyless.

What business impact can customers expect from Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% in maintenance and provisioning time), scalability for multi-cloud and hybrid environments, regulatory compliance, and improved employee productivity. These impacts are supported by case studies from companies like Progress, Constant Contact, Cimpress, and Wix.

Can you share specific case studies or customer success stories?

Yes, Akeyless has several case studies and video testimonials. For example, Progress saved 70% of maintenance and provisioning time, Constant Contact scaled in multi-cloud environments, Cimpress transitioned from Hashi Vault for enhanced security, and Wix adopted centralized secrets management.

How easy is it to implement and start using Akeyless?

Akeyless can be deployed in just a few days due to its SaaS-native architecture, requiring no infrastructure management. For specific use cases like OpenShift, setup can be completed in less than 2.5 minutes. The platform offers self-guided product tours, demos, tutorials, and 24/7 support to ensure a smooth onboarding experience.

What customer support and training resources are available?

Akeyless provides 24/7 customer support via ticketing, email, and Slack. Proactive assistance is available for upgrades and troubleshooting. Training resources include self-guided product tours, platform demos, tutorials, and comprehensive technical documentation.

What feedback have customers shared about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone (Cimpress) noted, 'We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation or leakage. All of our software just works — it’s been a really smooth, really easy process.' Shai Ganny (Wix) said, 'The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely.' Adam Hanson (Constant Contact) highlighted its scalability and enterprise-class capabilities.

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless, SaaS-based architecture that eliminates the need for heavy infrastructure, reducing costs and complexity compared to HashiCorp Vault's self-hosted model. It provides advanced security features like Universal Identity, Zero Trust Access, and automated credential rotation, with faster deployment and easier scalability.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, while AWS Secrets Manager is limited to AWS. It offers better integration across diverse environments, advanced features like Universal Identity and Zero Trust Access, and significant cost savings with a pay-as-you-go model.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It provides advanced security measures like Zero Trust Access and vaultless architecture, reducing operational complexity and costs.

Which industries use Akeyless?

Akeyless is used in technology (Wix, Dropbox), cloud storage (Progress), web development (Constant Contact), printing and mass customization (Cimpress), finance, retail, manufacturing, and cloud infrastructure.

Who are some of Akeyless's customers?

Akeyless is trusted by companies such as Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox.

When was this page last updated?

This page wast last updated on 12/12/2025 .

Sam Gabrail – Platform Engineer

Automate Secrets Rotation with Akeyless

This video is part of a blog post talking about the importance of automated credential rotation.

I go into the details in the blog post, but just know that it’s a bad idea to have long lived static secrets because they give an extended exposure time and an increased attack surface.

That’s why in this video, I’ll show you how you can use Akeyless to create rotated secrets in addition to dynamic secrets. So let’s get started.

Dynamic secrets are secrets that are generated every time they’re accessed using permissions that you’ve defined in advance.

In this way, users can access a resource for a temporary period with a defined set of permissions.

What we see on the screen here is a client, and this client needs to access a resource. It could be, AWS, Azure, GCP. It could be a database that you define the actual privileges that this user will get with the associated credentials that they’re gonna get. So this customer will access their Akeyless gateway using, whatever authentication method that they have. And then from here, the gateway is going to create the necessary credentials on the target machine. Again, it could be AWS, Azure, a database, and then it will respond back giving the user temporary credentials with a time to live. And after the TTL expires, then Akeyless is gonna go out and delete those credentials.

So once again, these are short lived, and you don’t have to worry about rotating them in a sense because they’ll expire once the TTL expires.

Rotated secrets, on the other hand, enable you to protect the credentials for privileged user accounts, such as administrator accounts on a Windows server or a root account on a Linux server or an admin account on a network device by resetting its password. The Akeyless platform generates a new password, resets it on the target machine and stores the updated secret so that it can be retrieved when required.

So you can see on the screen here, we have a user that wants to access a database or AWS resource or Azure, for example. They can authenticate against the keyless, get the actual rotated secret itself, and then access that resource.

And then the keyless gateway is going to rotate the secret on a regular basis if you configure it to do so, or it can be on a manual basis. Someone can go in and just click a button and rotate that secret. This way, once again, we don’t have long lived secrets. They are rotated on a regular basis.

Alright. Let’s see now how to use dynamic secrets from the UI.

I already have a few that were set for us here for AWS.

I can see, Azure Azure portal or Azure programmatic.

I have, GCP as well. So it’s pretty simple. Once you have this already created and configured, all you need to do is go under that dynamic secret, and you can click get dynamic secret.

And this will give you your access key ID and secret access key in AWS’s example. You can see how long you’ve got time. This is the TTL of about an of an hour for those credentials to expire. And at the end of the hour, these credentials disappear from AWS. So you’re not able to access AWS anymore, which is great.

Just to quickly show you the configuration. So you choose a target.

Very important to create targets here in Akeyless. In this case, the target as is at this location.

The permissions here, you can see the I’m user used, any user policies you can put in here, user groups. In this case, we’re using user programmatic access. That’s how we saw the access ID and access secret. The TTL is sixty minutes as you can see here, and the gateway that we’re working with as well as the protection key that we’re using in this case.

So it’s pretty straightforward. Again, you can click on new here, click dynamic secret, choose from the different available options. You can see databases. You can see, AWS Azure GCP for cloud, Kubernetes, remote desktop, infrastructure, and even Venify for certificate automation.

In our case, we did AWS. If you click on AWS, click next, give it a name, and you choose an existing target for your AWS. I have a couple here. And, again, your I’m user that you can use here, programmatic access, the TTL, the gateway, and the protection key that you need. And that’s pretty much it. You click finish or you click next. You can add more options for enabling secure remote access if you wish, but that’s pretty much it in terms of setting up dynamic secrets for our AWS example.

Now, when it comes to rotated secrets, it’s very similar to what we saw with dynamic secrets. I have a few rotated secrets in here. Here’s an Azure rotated secret that we can work with.

So once again, you can take a look at the actual rotated secret here. All the details, the client ID, the client secret, the tenant subscription ID, and so on. And notice we can just click the rotate secret.

And that successfully rotated our secret. And now we have another secret here in Azure.

And as you can see, we’ve enabled automatic rotation for every ninety days automatically, the system will rotate these secrets.

You can take a look at the configuration here. Our target, once again, you always need a target. So in this case, clouds Azure is our target. The rotator type is target.

And you can see authentication of the following credentials, user credentials, our gateway, our protection key, and this is recurrent. You can specify whether you want it manual or recurrent. In this case, it’s recurrent every ninety days, and rotation hour is, eight o’clock local time.

Here, you can see the different versions of these rotated secrets. Right? So you can see our current version right here, and you can see your previous versions as well. And once again, to create this, you click you click new and then you go to rotated secret.

And there is a few here similar to what we saw with dynamic secrets. You can see database, rotated secrets, cloud. Here we have operating systems, which we didn’t have with dynamic secrets. So SSH, Windows, and we’ve got Docker Hub, LDAP, web. So the list is a little bit smaller than dynamic secrets, but nevertheless, you have quite a few to work with here. So if we go and let’s say focus on Azure, like our example, and give it a name and then a location, description, a tag, and then click next. And here you specify your target, a rotator type, target, for example.

And then from here, we can take a look and specify our gateway and choose our protection key. In this case, we’re choosing a protection key for zero knowledge encryption with our customer fragment, which makes sure that we are, safe and not even Akeyless can decrypt or see our secrets that we’re generating here. And then, of course, our rotation and our interval here is ninety days. You can change that. We can say only manual rotation or recurrent rotation, and that’s pretty much it.

Okay. So now I am in my terminal and I want to create a dynamic secret. I’m already authenticated and all I need to do is run Akeyless dash h and look for dynamic.

And you can see here command dynamic dash secrets, so we can go ahead and continue dynamic secret dash h for more help. I can create, delete, get, or get value or list. Why don’t we go ahead and list all our dynamic secrets and maybe pipe it to j q just to give it some nice color.

So here are all my dynamic secrets. I’m interested in AWS. So that’s the name of the dynamic secret I need.

So let’s clear here. And once again, run the help commands, And I need to get the value, so I need to be able to create a dynamic secret. So let’s do that by running Akeyless dynamic secret, get value.

And then once again, ask for the help menu, and I need to specify the name of that secret. So I can specify the name here with dash n cloud AWS and hit enter.

And there we go. We get our dynamic secret. You can see here the password, the secret access key here. We’ve got our TTL is a hundred and eighty minutes, and, we can use these AWS credentials to access AWS.

Now let’s see how to work with rotated secrets in the CLI.

Once again, Akeyless dash h for help, and let’s grab on rotated so I can see rotated secrets. So let’s clear.

Okay. So Akeyless rotated secret dash h for more help.

Alright. So we can actually list all the rotated secrets, use j q’s, get some nice colors.

You’ll see GCP rotated and so on. So all the different rotated secrets that are available here.

I’m interested in this one, clouds, Azure, rotated.

So let’s go ahead and clear out of here and then run our dash h one more time. We can see we can get the value here. So let’s get value and more help. We need the name, which we got previously. We can paste it here.

Hit enter, and there we have it. We get our username and password, which is basically equivalent to the client ID and the client secret in Azure, which you can also see inside of the UI very easily as well.

In this video, we’ve seen how easy it is to create dynamic and rotated secrets to generate short lived credentials using Akeyless.

So no more excuses for creating long lived credentials.

Go out there and start mandating the use of short lived credentials in your organization.

Thanks for watching, and I’ll see you in the next video.

Frequently Asked Questions

Product Information & Technical Details