Additional Information
Helpful Tips
The overall process of the Akeyless PAM integration is like other Privileged Access Manager (PAM) integrations, as follows:
-
Tenable Vulnerability Management passes the scan policy and credential settings down to Tenable Nessus. This includes the Akeyless host, port, authentication credentials, and the Credential ID of the secret to retrieve.
-
The Tenable Nessus scanner communicates with the Akeyless API. The scanner first authenticates to Akeyless using the configured authentication method (Access Key, Universal Identity, or Certificate) to obtain an access token. It then calls the appropriate secret retrieval endpoint to obtain the username, password, and/or SSH key required for target authentication.
-
The scanner uses the retrieved values to authenticate to the scan targets.
Testing Integration Connectivity
You can use curl to verify connectivity between the scanner host and the Akeyless API before running a scan.
Test Akeyless API reachability:
curl -s -o /dev/null -w "%{http_code}" \
https://api.akeyless.io/auth \
-X POST \
-H "Content-Type: application/json" \
-d '{"access-type":"access_key","access-id":"<your-access-id>","access-key":"<your-access-key>"}'
A response of 200 confirms the Akeyless API is reachable and the access key credentials are valid. A response of 401 confirms reachability but indicates invalid credentials.
Test secret retrieval (using the token from the auth response above):
curl -s \
https://api.akeyless.io/get-secret-value \
-X POST \
-H "Content-Type: application/json" \
-d '{"names":["/path/to/your/secret"],"token":"<token-from-auth-response>"}'
A successful response returns the secret value. A 403 response indicates the authentication method does not have an Access Role granting read access to that path.
Test certificate authentication:
curl -s \
https://api.akeyless.io/auth \
-X POST \
-H "Content-Type: application/json" \
--cert /path/to/client.crt \
--key /path/to/client.key \
-d '{"access-type":"certificate","access-id":"<your-access-id>"}'