Akeyless Permissions Reference
This section outlines the permissions, scopes, and access roles required for SailPoint Entro to operate with Akeyless Vault.
Navigation Path
Management → Accounts & Integrations → Akeyless → Permissions Reference
Required Roles and Permissions
SailPoint Entro operates in read-only mode and requires access only to secret metadata and policy associations.
| Scope | Resource | Permission Type | Description |
|---|---|---|---|
| Items | Secrets, Paths | List, Read | Allows retrieval of metadata and structure information |
| Access Roles | Roles | List, Read | Enables detection of privilege boundaries and scope mismatches |
| Auth Methods | Methods | List, Read | Correlates authentication sources and usage contexts |
SailPoint Entro Access Summary
- Access Level: Read-only (no write, modify, or delete actions)
- Token Management: Handled within the SailPoint Entro Worker (Connector)
- TLS Encryption: TLS 1.2+ enforced for all API calls
- Key Storage: AES-256 encrypted at rest within the Worker
Compliance & Security Notes
- SailPoint Entro does not access or decrypt secret content
- No configuration or policy modification occurs on Akeyless
- API keys or UIDs are never stored in plaintext
- Integration adheres to SOC 2 Type II, ISO 27001, and GDPR