Akeyless API

Name: Akeyless API API
Brand: Akeyless API
Availability: InStock

★ Only Publicly Available SpecSecuritySecrets Managementbearer17 EndpointsREST

For Agents

Authenticate, fetch and create secrets (static and dynamic), encrypt and decrypt payloads, and manage auth methods and role rules in the Akeyless vaultless platform.

Quickstart

Get started with Akeyless API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"fetch a secret value from a vaultless secrets manager"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Akeyless API API.

Authenticate via /auth and obtain a session token

Fetch and create static secrets and update their values

List, describe, and delete vault items

Generate and create dynamic secrets for short-lived database or cloud credentials

Encrypt and decrypt payloads using Akeyless-managed keys

GET STARTED

Start building with Akeyless API API

Explore with Jentic

View OpenAPI Spec

Jentic publishes the only available OpenAPI specification for Akeyless API, keeping it validated and agent-ready.

Jentic publishes the only available OpenAPI specification for Akeyless API, keeping it validated and agent-ready. Akeyless is a vaultless secrets-management platform — the v2 API exposes 17 endpoints covering authentication, static and dynamic secrets, encryption and decryption, auth methods, roles and rules, and gateway access listing. Calls are POST-driven with bearer-token authentication after an initial /auth call returns a session token.

Use Cases

Patterns agents use Akeyless API API for, with concrete tasks.

★ Just-in-time credential delivery

An automation pipeline calls Akeyless to fetch secrets at runtime instead of storing them on disk. The agent authenticates via POST /auth, then calls POST /get-secret-value for static secrets or POST /get-dynamic-secret-value to mint short-lived credentials.

POST /auth, then POST /get-secret-value with name=/prod/db/password to read the value at deploy time

Encryption and decryption workflow

Use Akeyless as a managed key service — call POST /encrypt to wrap a payload with a named Akeyless key, store the ciphertext, and POST /decrypt to recover it later. This keeps key material out of application code.

POST /encrypt with key-name=app-key and plaintext, store the returned ciphertext, then POST /decrypt to recover the original plaintext

Role and access policy automation

Manage RBAC programmatically — create a role via POST /create-role and attach access rules via POST /set-role-rule to control which paths a service can read, write, or list. Useful when an admin agent provisions new services and must grant scoped access.

POST /create-role with role-name=svc-billing, then POST /set-role-rule to grant read access to /prod/billing/*

AI agent integration via Jentic

An agent that needs runtime secrets uses Jentic to discover Akeyless operations by intent. The Akeyless access credential is stored in the Jentic vault, the agent loads the operation schema at runtime, and the response payload (e.g., a database password) is consumed by the next step without ever appearing in agent memory beyond the immediate call.

Search Jentic for 'fetch a secret value at runtime', load the Akeyless POST /get-secret-value operation, and execute with the secret name

Key Endpoints

17 endpoints — jentic publishes the only available openapi specification for akeyless api, keeping it validated and agent-ready.

METHOD

PATH

DESCRIPTION

POST

/auth

Authenticate and get a session token

POST

/get-secret-value

Get a static secret value

POST

/create-secret

Create a static secret

POST

/get-dynamic-secret-value

Get a dynamic short-lived secret

POST

/encrypt

Encrypt a payload

POST

/decrypt

Decrypt a payload

POST

/create-role

Create an RBAC role

POST

/set-role-rule

Attach an access rule to a role

POST

/auth

Authenticate and get a session token

POST

/get-secret-value

Get a static secret value

POST

/create-secret

Create a static secret

POST

/get-dynamic-secret-value

Get a dynamic short-lived secret

POST

/encrypt

Encrypt a payload

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Akeyless access credentials are stored encrypted in the Jentic vault. The agent never holds the raw access id/key — Jentic performs the /auth call and passes the resulting session token to subsequent operations.

Intent-based discovery

Agents search by intent (e.g., 'fetch a database secret at runtime') and Jentic returns the Akeyless POST /get-secret-value operation with its schema so the agent calls it without reading docs.

Time to first call

Direct Akeyless integration: 1-2 days to wire /auth, token rotation, and per-secret retrieval. Through Jentic: under an hour.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Alternative

1Password Events

Password manager with audit-event API rather than full secrets-as-a-service.

Choose 1Password when you need shared credential vaults for humans; choose Akeyless when services need programmatic dynamic-secret retrieval.

Alternative

HashiCorp

HashiCorp ecosystem (Vault, Nomad) is the closest peer to Akeyless's vaultless model.

Choose HashiCorp Vault for self-hosted secrets infrastructure; choose Akeyless for a managed, vaultless approach.

Complementary

OpenAI API

OpenAI calls themselves consume Akeyless-stored API keys at runtime.

Pair OpenAI with Akeyless when an agent must fetch the OpenAI API key from a vault rather than holding it in environment variables.

FAQs

Specific to using Akeyless API API through Jentic.

Why is there no official OpenAPI spec for Akeyless API?

Akeyless does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call Akeyless API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.

What authentication does the Akeyless API use?

Authenticate first via POST /auth to receive a session token, then pass it as a bearer token on subsequent calls. Through Jentic, both the access credential used for /auth and the resulting session token are managed in the encrypted Jentic vault.

How do dynamic secrets differ from static secrets in Akeyless?

Static secrets are stored values you create via POST /create-secret and read via POST /get-secret-value. Dynamic secrets are minted on demand via POST /get-dynamic-secret-value — they are short-lived credentials (e.g., database users) that Akeyless creates against a configured producer and revokes when the lease expires.

Can I encrypt payloads through Akeyless without managing keys?

Yes. POST /encrypt wraps your payload with a named Akeyless key and returns ciphertext; POST /decrypt reverses the operation. The key material never leaves Akeyless, so application code only handles ciphertext.

How do I fetch a secret through Jentic?

Use the Jentic search query 'fetch a secret value'. Jentic returns the POST /get-secret-value operation; supply the secret name, and Jentic injects the bearer token at execution time.

Are there rate limits on the Akeyless API?

The OpenAPI spec does not declare explicit rate limits; Akeyless applies plan-based quotas. Watch for 429 responses on burst traffic and implement exponential backoff for fetch loops.