Skip to content

Akeyless Permissions Reference

This section outlines the permissions, scopes, and access roles required for SailPoint Entro to operate with Akeyless Vault.


Management → Accounts & Integrations → Akeyless → Permissions Reference


Required Roles and Permissions

SailPoint Entro operates in read-only mode and requires access only to secret metadata and policy associations.

Scope Resource Permission Type Description
Items Secrets, Paths List, Read Allows retrieval of metadata and structure information
Access Roles Roles List, Read Enables detection of privilege boundaries and scope mismatches
Auth Methods Methods List, Read Correlates authentication sources and usage contexts

SailPoint Entro Access Summary

  • Access Level: Read-only (no write, modify, or delete actions)
  • Token Management: Handled within the SailPoint Entro Worker (Connector)
  • TLS Encryption: TLS 1.2+ enforced for all API calls
  • Key Storage: AES-256 encrypted at rest within the Worker

Compliance & Security Notes

  • SailPoint Entro does not access or decrypt secret content
  • No configuration or policy modification occurs on Akeyless
  • API keys or UIDs are never stored in plaintext
  • Integration adheres to SOC 2 Type II, ISO 27001, and GDPR