akeyless 5.0.20 → 5.0.22

data/docs/GatewayCreateMigration.md

@@ -6,6 +6,8 @@
 | ---- | ---- | ----------- | ----- |
 | **service_account_key_decoded** | **String** |  | [optional] |
 | **ad_auto_rotate** | **String** | Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with --ad-rotation-interval and --ad-rotation-hour parameters (Relevant only for Active Directory migration) | [optional] |
+| **ad_cert_expiration_event_in** | **Array<String>** | How many days before the expiration of discovered certificates would you like to be notified (Relevant only for Active Directory migration with certificate discovery enabled) | [optional] |
+| **ad_certificates_path_template** | **String** | Path location template for migrating certificates e.g.: /Certificates/{{COMMON_NAME}} (Relevant only for Active Directory migration with certificate discovery enabled) | [optional] |
 | **ad_computer_base_dn** | **String** | Distinguished Name of Computer objects (servers) to search in Active Directory e.g.: CN=Computers,DC=example,DC=com (Relevant only for Active Directory migration) | [optional] |
 | **ad_discover_iis_app** | **String** | Enable/Disable discovery of IIS application from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration) | [optional][default to 'false'] |
 | **ad_discover_services** | **String** | Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration) | [optional][default to 'false'] |
@@ -28,6 +30,7 @@
 | **ad_winrm_over_http** | **String** | Use WinRM over HTTP, by default runs over HTTPS | [optional][default to 'false'] |
 | **ad_winrm_port** | **String** | Set the WinRM Port for further connection to the domain servers. Default is 5986 (Relevant only for Active Directory migration) | [optional][default to '5986'] |
 | **ad_discover_local_users** | **String** | Enable/Disable discovery of local users from each domain server and migrate them as SSH/Windows Rotated Secrets. Default is false: only domain users will be migrated. Discovery of local users might require further installation of SSH on the servers, based on the supplied computer base DN. This will be implemented automatically as part of the migration process (Relevant only for Active Directory migration) Deprecated: use AdDiscoverTypes | [optional] |
+| **ai_certificate_discovery** | **String** | Enable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway) | [optional] |
 | **aws_key** | **String** | AWS Secret Access Key (relevant only for AWS migration) | [optional] |
 | **aws_key_id** | **String** | AWS Access Key ID with sufficient permissions to get all secrets, e.g. 'arn:aws:secretsmanager:[Region]:[AccountId]:secret:[/path/to/secrets/*]' (relevant only for AWS migration) | [optional] |
 | **aws_region** | **String** | AWS region of the required Secrets Manager (relevant only for AWS migration) | [optional][default to 'us-east-2'] |
@@ -35,8 +38,13 @@
 | **azure_kv_name** | **String** | Azure Key Vault Name (relevant only for Azure Key Vault migration) | [optional] |
 | **azure_secret** | **String** | Azure Key Vault secret (relevant only for Azure Key Vault migration) | [optional] |
 | **azure_tenant_id** | **String** | Azure Key Vault Access tenant ID (relevant only for Azure Key Vault migration) | [optional] |
+| **conjur_account** | **String** | Conjur account name set on your Conjur server (relevant only for Conjur migration). | [optional] |
+| **conjur_api_key** | **String** | Conjur API Key for the specified user (relevant only for Conjur migration). | [optional] |
+| **conjur_url** | **String** | Conjur server base URL (relevant only for Conjur migration). If conjur-url is HTTPS and Conjur uses a private CA/self-signed certificate, make the CA bundle available on the Gateway and set CONJUR_SSL_CERT_PATH to its path. | [optional] |
+| **conjur_username** | **String** | Conjur username used to authenticate (relevant only for Conjur migration). | [optional] |
 | **expiration_event_in** | **Array<String>** | How many days before the expiration of the certificate would you like to be notified. | [optional] |
 | **gcp_key** | **String** | Base64-encoded GCP Service Account private key text with sufficient permissions to Secrets Manager, Minimum required permission is Secret Manager Secret Accessor, e.g. 'roles/secretmanager.secretAccessor' (relevant only for GCP migration) | [optional] |
+| **gcp_project_id** | **String** | GCP Project ID (cross-project override) | [optional] |
 | **hashi_json** | **String** | Import secret key as json value or independent secrets (relevant only for HasiCorp Vault migration) [true/false] | [optional][default to 'true'] |
 | **hashi_ns** | **Array<String>** | HashiCorp Vault Namespaces is a comma-separated list of namespaces which need to be imported into Akeyless Vault. For every provided namespace, all its child namespaces are imported as well, e.g. nmsp/subnmsp1/subnmsp2,nmsp/anothernmsp. By default, import all namespaces (relevant only for HasiCorp Vault migration) | [optional] |
 | **hashi_token** | **String** | HashiCorp Vault access token with sufficient permissions to preform list & read operations on secrets objects (relevant only for HasiCorp Vault migration) | [optional] |
@@ -65,8 +73,9 @@
 | **si_users_path_template** | **String** | Path location template for migrating users as Rotated Secrets e.g.: .../Users/{{COMPUTER_NAME}}/{{USERNAME}} (Relevant only for Server Inventory migration) |  |
 | **target_location** | **String** | Target location in Akeyless for imported secrets |  |
 | **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
-| **type** | **String** | Migration type (hashi/aws/gcp/k8s/azure_kv/active_directory/server_inventory/certificate) | [optional] |
+| **type** | **String** | Migration type (hashi/aws/gcp/k8s/azure_kv/conjur/active_directory/server_inventory/certificate) | [optional] |
 | **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+| **use_gw_cloud_identity** | **Boolean** | Use the GW's Cloud IAM | [optional] |
 
 ## Example
 
@@ -76,6 +85,8 @@ require 'akeyless'
 instance = Akeyless::GatewayCreateMigration.new(
   service_account_key_decoded: null,
   ad_auto_rotate: null,
+  ad_cert_expiration_event_in: null,
+  ad_certificates_path_template: null,
   ad_computer_base_dn: null,
   ad_discover_iis_app: null,
   ad_discover_services: null,
@@ -98,6 +109,7 @@ instance = Akeyless::GatewayCreateMigration.new(
   ad_winrm_over_http: null,
   ad_winrm_port: null,
   ad_discover_local_users: null,
+  ai_certificate_discovery: null,
   aws_key: null,
   aws_key_id: null,
   aws_region: null,
@@ -105,8 +117,13 @@ instance = Akeyless::GatewayCreateMigration.new(
   azure_kv_name: null,
   azure_secret: null,
   azure_tenant_id: null,
+  conjur_account: null,
+  conjur_api_key: null,
+  conjur_url: null,
+  conjur_username: null,
   expiration_event_in: null,
   gcp_key: null,
+  gcp_project_id: null,
   hashi_json: null,
   hashi_ns: null,
   hashi_token: null,
@@ -136,7 +153,8 @@ instance = Akeyless::GatewayCreateMigration.new(
   target_location: null,
   token: null,
   type: null,
-  uid_token: null
+  uid_token: null,
+  use_gw_cloud_identity: null
 )
 ```
 

data/docs/GatewayUpdateMigration.md

@@ -6,6 +6,8 @@
 | ---- | ---- | ----------- | ----- |
 | **service_account_key_decoded** | **String** |  | [optional] |
 | **ad_auto_rotate** | **String** | Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with --ad-rotation-interval and --ad-rotation-hour parameters (Relevant only for Active Directory migration) | [optional] |
+| **ad_cert_expiration_event_in** | **Array<String>** | How many days before the expiration of discovered certificates would you like to be notified (Relevant only for Active Directory migration with certificate discovery enabled) | [optional] |
+| **ad_certificates_path_template** | **String** | Path location template for migrating certificates e.g.: /Certificates/{{COMMON_NAME}} (Relevant only for Active Directory migration with certificate discovery enabled) | [optional] |
 | **ad_computer_base_dn** | **String** | Distinguished Name of Computer objects (servers) to search in Active Directory e.g.: CN=Computers,DC=example,DC=com (Relevant only for Active Directory migration) | [optional] |
 | **ad_discover_iis_app** | **String** | Enable/Disable discovery of IIS application from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration) | [optional][default to 'false'] |
 | **ad_discover_services** | **String** | Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration) | [optional][default to 'false'] |
@@ -28,6 +30,7 @@
 | **ad_winrm_over_http** | **String** | Use WinRM over HTTP, by default runs over HTTPS | [optional][default to 'false'] |
 | **ad_winrm_port** | **String** | Set the WinRM Port for further connection to the domain servers. Default is 5986 (Relevant only for Active Directory migration) | [optional][default to '5986'] |
 | **ad_discover_local_users** | **String** | Enable/Disable discovery of local users from each domain server and migrate them as SSH/Windows Rotated Secrets. Default is false: only domain users will be migrated. Discovery of local users might require further installation of SSH on the servers, based on the supplied computer base DN. This will be implemented automatically as part of the migration process (Relevant only for Active Directory migration) Deprecated: use AdDiscoverTypes | [optional] |
+| **ai_certificate_discovery** | **String** | Enable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway) | [optional] |
 | **aws_key** | **String** | AWS Secret Access Key (relevant only for AWS migration) | [optional] |
 | **aws_key_id** | **String** | AWS Access Key ID with sufficient permissions to get all secrets, e.g. 'arn:aws:secretsmanager:[Region]:[AccountId]:secret:[/path/to/secrets/*]' (relevant only for AWS migration) | [optional] |
 | **aws_region** | **String** | AWS region of the required Secrets Manager (relevant only for AWS migration) | [optional][default to 'us-east-2'] |
@@ -35,8 +38,13 @@
 | **azure_kv_name** | **String** | Azure Key Vault Name (relevant only for Azure Key Vault migration) | [optional] |
 | **azure_secret** | **String** | Azure Key Vault secret (relevant only for Azure Key Vault migration) | [optional] |
 | **azure_tenant_id** | **String** | Azure Key Vault Access tenant ID (relevant only for Azure Key Vault migration) | [optional] |
+| **conjur_account** | **String** | Conjur account name set on your Conjur server (relevant only for Conjur migration). | [optional] |
+| **conjur_api_key** | **String** | Conjur API Key for the specified user (relevant only for Conjur migration). | [optional] |
+| **conjur_url** | **String** | Conjur server base URL (relevant only for Conjur migration). If conjur-url is HTTPS and Conjur uses a private CA/self-signed certificate, make the CA bundle available on the Gateway and set CONJUR_SSL_CERT_PATH to its path. | [optional] |
+| **conjur_username** | **String** | Conjur username used to authenticate (relevant only for Conjur migration). | [optional] |
 | **expiration_event_in** | **Array<String>** | How many days before the expiration of the certificate would you like to be notified. | [optional] |
 | **gcp_key** | **String** | Base64-encoded GCP Service Account private key text with sufficient permissions to Secrets Manager, Minimum required permission is Secret Manager Secret Accessor, e.g. 'roles/secretmanager.secretAccessor' (relevant only for GCP migration) | [optional] |
+| **gcp_project_id** | **String** | GCP Project ID (cross-project override) | [optional] |
 | **hashi_json** | **String** | Import secret key as json value or independent secrets (relevant only for HasiCorp Vault migration) [true/false] | [optional][default to 'true'] |
 | **hashi_ns** | **Array<String>** | HashiCorp Vault Namespaces is a comma-separated list of namespaces which need to be imported into Akeyless Vault. For every provided namespace, all its child namespaces are imported as well, e.g. nmsp/subnmsp1/subnmsp2,nmsp/anothernmsp. By default, import all namespaces (relevant only for HasiCorp Vault migration) | [optional] |
 | **hashi_token** | **String** | HashiCorp Vault access token with sufficient permissions to preform list & read operations on secrets objects (relevant only for HasiCorp Vault migration) | [optional] |
@@ -68,6 +76,7 @@
 | **target_location** | **String** | Target location in Akeyless for imported secrets |  |
 | **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
 | **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+| **use_gw_cloud_identity** | **Boolean** | Use the GW's Cloud IAM | [optional] |
 
 ## Example
 
@@ -77,6 +86,8 @@ require 'akeyless'
 instance = Akeyless::GatewayUpdateMigration.new(
   service_account_key_decoded: null,
   ad_auto_rotate: null,
+  ad_cert_expiration_event_in: null,
+  ad_certificates_path_template: null,
   ad_computer_base_dn: null,
   ad_discover_iis_app: null,
   ad_discover_services: null,
@@ -99,6 +110,7 @@ instance = Akeyless::GatewayUpdateMigration.new(
   ad_winrm_over_http: null,
   ad_winrm_port: null,
   ad_discover_local_users: null,
+  ai_certificate_discovery: null,
   aws_key: null,
   aws_key_id: null,
   aws_region: null,
@@ -106,8 +118,13 @@ instance = Akeyless::GatewayUpdateMigration.new(
   azure_kv_name: null,
   azure_secret: null,
   azure_tenant_id: null,
+  conjur_account: null,
+  conjur_api_key: null,
+  conjur_url: null,
+  conjur_username: null,
   expiration_event_in: null,
   gcp_key: null,
+  gcp_project_id: null,
   hashi_json: null,
   hashi_ns: null,
   hashi_token: null,
@@ -138,7 +155,8 @@ instance = Akeyless::GatewayUpdateMigration.new(
   si_users_path_template: null,
   target_location: null,
   token: null,
-  uid_token: null
+  uid_token: null,
+  use_gw_cloud_identity: null
 )
 ```
 

data/docs/GetPKICertificateOutput.md

@@ -7,6 +7,7 @@
 | **cert_display_id** | **String** |  | [optional] |
 | **cert_item_id** | **Integer** |  | [optional] |
 | **data** | **String** |  | [optional] |
+| **http_challenge_info** | [**HTTPChallengeInfo**](HTTPChallengeInfo.md) |  | [optional] |
 | **parent_cert** | **String** |  | [optional] |
 | **path** | **String** |  | [optional] |
 | **reading_token** | **String** |  | [optional] |
@@ -20,6 +21,7 @@ instance = Akeyless::GetPKICertificateOutput.new(
   cert_display_id: null,
   cert_item_id: null,
   data: null,
+  http_challenge_info: null,
   parent_cert: null,
   path: null,
   reading_token: null

data/docs/GithubMetadata.md

@@ -0,0 +1,28 @@
+# Akeyless::GithubMetadata
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **environment_name** | **String** |  | [optional] |
+| **organization_name** | **String** |  | [optional] |
+| **repository** | **String** |  | [optional] |
+| **repository_access** | **String** |  | [optional] |
+| **scope** | **String** |  | [optional] |
+| **selected_repositories** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::GithubMetadata.new(
+  environment_name: null,
+  organization_name: null,
+  repository: null,
+  repository_access: null,
+  scope: null,
+  selected_repositories: null
+)
+```
+

data/docs/HTTPChallengeInfo.md

@@ -0,0 +1,26 @@
+# Akeyless::HTTPChallengeInfo
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **file_content** | **String** |  | [optional] |
+| **file_path** | **String** |  | [optional] |
+| **instructions** | **String** |  | [optional] |
+| **key_auth** | **String** |  | [optional] |
+| **token** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::HTTPChallengeInfo.new(
+  file_content: null,
+  file_path: null,
+  instructions: null,
+  key_auth: null,
+  token: null
+)
+```
+

data/docs/IssuerOverviewInfo.md

@@ -0,0 +1,22 @@
+# Akeyless::IssuerOverviewInfo
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **certificate_authority_mode** | **String** |  | [optional] |
+| **expiration_date** | **Time** |  | [optional] |
+| **key_type** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::IssuerOverviewInfo.new(
+  certificate_authority_mode: null,
+  expiration_date: null,
+  key_type: null
+)
+```
+

data/docs/ItemGeneralInfo.md

@@ -14,6 +14,7 @@
 | **dynamic_secret_producer_details** | [**DynamicSecretProducerInfo**](DynamicSecretProducerInfo.md) |  | [optional] |
 | **expiration_events** | [**Array<CertificateExpirationEvent>**](CertificateExpirationEvent.md) |  | [optional] |
 | **importer_info** | [**ImporterInfo**](ImporterInfo.md) |  | [optional] |
+| **issuer_overview_info** | [**IssuerOverviewInfo**](IssuerOverviewInfo.md) |  | [optional] |
 | **next_rotation_events** | [**Array<NextAutoRotationEvent>**](NextAutoRotationEvent.md) |  | [optional] |
 | **oidc_client_info** | [**OidcClientInfo**](OidcClientInfo.md) |  | [optional] |
 | **password_policy** | [**PasswordPolicyInfo**](PasswordPolicyInfo.md) |  | [optional] |
@@ -38,6 +39,7 @@ instance = Akeyless::ItemGeneralInfo.new(
   dynamic_secret_producer_details: null,
   expiration_events: null,
   importer_info: null,
+  issuer_overview_info: null,
   next_rotation_events: null,
   oidc_client_info: null,
   password_policy: null,

data/docs/LetsEncryptTargetDetails.md

@@ -0,0 +1,38 @@
+# Akeyless::LetsEncryptTargetDetails
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **account_key_pem** | **String** | ACME Account Private Key (PEM-encoded) Supports ECDSA (P-256, P-384, P-521), RSA (2048+), and Ed25519 Auto-generated as ECDSA P-256 on first certificate issuance if not provided Stored encrypted, required for certificate operations and revocation | [optional] |
+| **account_url** | **String** | ACME Account URL (returned after registration with Let's Encrypt) Used to retrieve existing account instead of re-registering | [optional] |
+| **acme_environment** | **String** | ACMEEnvironment defines Let's Encrypt ACME directory environment | [optional] |
+| **challenge_type** | **String** | ACMEChallengeType defines ACME challenge type for Let's Encrypt | [optional] |
+| **dns_target_name** | **String** | Name of DNS target (transient field - not stored in DB) Used by CLI to pass DNS target name to SDK for creating target_object_assoc Retrieved from target_object_assoc when reading target Required when ChallengeType is \"dns\" | [optional] |
+| **dns_target_type** | **String** |  | [optional] |
+| **email** | **String** | Email address for ACME account registration Required | [optional] |
+| **gcp_project** | **String** | GCP Cloud DNS: Project ID Optional - can be derived from service account | [optional] |
+| **hosted_zone** | **String** | AWS Route53: Hosted zone ID Required when DNSTargetType is AWS | [optional] |
+| **resource_group** | **String** | Azure DNS: Resource group name Required when DNSTargetType is Azure | [optional] |
+| **timeout** | **Integer** | A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years. | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::LetsEncryptTargetDetails.new(
+  account_key_pem: null,
+  account_url: null,
+  acme_environment: null,
+  challenge_type: null,
+  dns_target_name: null,
+  dns_target_type: null,
+  email: null,
+  gcp_project: null,
+  hosted_zone: null,
+  resource_group: null,
+  timeout: null
+)
+```
+

data/docs/MigrationStatusReplyObj.md

@@ -4,6 +4,7 @@
 
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
+| **certificates** | [**MigrationItems**](MigrationItems.md) |  | [optional] |
 | **computers** | **Integer** |  | [optional] |
 | **duration_time** | **String** |  | [optional] |
 | **error** | **String** |  | [optional] |
@@ -26,6 +27,7 @@
 require 'akeyless'
 
 instance = Akeyless::MigrationStatusReplyObj.new(
+  certificates: null,
   computers: null,
   duration_time: null,
   error: null,

data/docs/MigrationsConfigPart.md

@@ -8,6 +8,7 @@
 | **aws_secrets_migrations** | [**Array<AWSSecretsMigration>**](AWSSecretsMigration.md) |  | [optional] |
 | **azure_kv_migrations** | [**Array<AzureKeyVaultMigration>**](AzureKeyVaultMigration.md) |  | [optional] |
 | **certificate_migrations** | [**Array<CertificateMigration>**](CertificateMigration.md) |  | [optional] |
+| **conjur_migrations** | [**Array<ConjurMigration>**](ConjurMigration.md) |  | [optional] |
 | **gcp_secrets_migrations** | [**Array<GCPSecretsMigration>**](GCPSecretsMigration.md) |  | [optional] |
 | **hashi_migrations** | [**Array<HashiMigration>**](HashiMigration.md) |  | [optional] |
 | **k8s_migrations** | [**Array<K8SMigration>**](K8SMigration.md) |  | [optional] |
@@ -25,6 +26,7 @@ instance = Akeyless::MigrationsConfigPart.new(
   aws_secrets_migrations: null,
   azure_kv_migrations: null,
   certificate_migrations: null,
+  conjur_migrations: null,
   gcp_secrets_migrations: null,
   hashi_migrations: null,
   k8s_migrations: null,

data/docs/PoliciesCreateOutput.md

@@ -0,0 +1,18 @@
+# Akeyless::PoliciesCreateOutput
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **id** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesCreateOutput.new(
+  id: null
+)
+```
+

data/docs/PoliciesDelete.md

@@ -0,0 +1,24 @@
+# Akeyless::PoliciesDelete
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **id** | **String** | Policy id |  |
+| **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
+| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
+| **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesDelete.new(
+  id: null,
+  json: null,
+  token: null,
+  uid_token: null
+)
+```
+

data/docs/PoliciesGet.md

@@ -0,0 +1,24 @@
+# Akeyless::PoliciesGet
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **id** | **String** | Policy id |  |
+| **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
+| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
+| **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesGet.new(
+  id: null,
+  json: null,
+  token: null,
+  uid_token: null
+)
+```
+

data/docs/PoliciesGetOutput.md

@@ -0,0 +1,18 @@
+# Akeyless::PoliciesGetOutput
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **policy** | [**PolicyOutput**](PolicyOutput.md) |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesGetOutput.new(
+  policy: null
+)
+```
+

data/docs/PoliciesList.md

@@ -0,0 +1,30 @@
+# Akeyless::PoliciesList
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **aggregate** | **Boolean** | Aggregate missing configurations from parent policies (requires --paths) | [optional] |
+| **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
+| **object_type** | **Array<String>** | Optional object types filter (items or targets) | [optional] |
+| **paths** | **Array<String>** | Filter by exact policy paths | [optional] |
+| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
+| **types** | **Array<String>** | Filter by policy types | [optional] |
+| **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesList.new(
+  aggregate: null,
+  json: null,
+  object_type: null,
+  paths: null,
+  token: null,
+  types: null,
+  uid_token: null
+)
+```
+

data/docs/PoliciesListOutput.md

@@ -0,0 +1,18 @@
+# Akeyless::PoliciesListOutput
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **policies** | [**Array<PolicyOutput>**](PolicyOutput.md) |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PoliciesListOutput.new(
+  policies: null
+)
+```
+

data/docs/PolicyCreateKeys.md

@@ -0,0 +1,34 @@
+# Akeyless::PolicyCreateKeys
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **allowed_algorithms** | **Array<String>** | Specify allowed key algorithms (e.g., [RSA2048,AES128GCM]) | [optional] |
+| **allowed_key_names** | **Array<String>** | Specify allowed protection key names. To enforce using the account's default protection key, use 'default-account-key' | [optional] |
+| **allowed_key_types** | **Array<String>** | Specify allowed key protection types (dfc, classic-key) | [optional] |
+| **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
+| **max_rotation_interval_days** | **Integer** | Set the maximum rotation interval for automatic key rotation. | [optional] |
+| **object_types** | **Array<String>** | The object types this policy will apply to (items, targets). If not provided, defaults to [items, targets]. | [optional] |
+| **path** | **String** | The path the policy refers to |  |
+| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
+| **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PolicyCreateKeys.new(
+  allowed_algorithms: null,
+  allowed_key_names: null,
+  allowed_key_types: null,
+  json: null,
+  max_rotation_interval_days: null,
+  object_types: null,
+  path: null,
+  token: null,
+  uid_token: null
+)
+```
+

data/docs/PolicyOutput.md

@@ -0,0 +1,34 @@
+# Akeyless::PolicyOutput
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **account_id** | **String** |  | [optional] |
+| **allowed_algorithms** | **Array<String>** |  | [optional] |
+| **allowed_key_names** | **Array<String>** |  | [optional] |
+| **allowed_key_types** | **Array<String>** |  | [optional] |
+| **id** | **String** |  | [optional] |
+| **max_rotation_interval_days** | **Integer** |  | [optional] |
+| **object_types** | **Array<String>** |  | [optional] |
+| **path** | **String** |  | [optional] |
+| **type** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PolicyOutput.new(
+  account_id: null,
+  allowed_algorithms: null,
+  allowed_key_names: null,
+  allowed_key_types: null,
+  id: null,
+  max_rotation_interval_days: null,
+  object_types: null,
+  path: null,
+  type: null
+)
+```
+

data/docs/PolicyUpdateKeys.md

@@ -0,0 +1,36 @@
+# Akeyless::PolicyUpdateKeys
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **allowed_algorithms** | **Array<String>** | Specify allowed key algorithms (e.g., [RSA2048,AES128GCM]) | [optional] |
+| **allowed_key_names** | **Array<String>** | Specify allowed protection key names. To enforce using the account's default protection key, use 'default-account-key' | [optional] |
+| **allowed_key_types** | **Array<String>** | Specify allowed key protection types (dfc, classic-key) | [optional] |
+| **id** | **String** | Policy id |  |
+| **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
+| **max_rotation_interval_days** | **Integer** | Set the maximum rotation interval for automatic key rotation. | [optional] |
+| **object_types** | **Array<String>** | The object type this policy will apply to (items, targets) | [optional] |
+| **path** | **String** | The path the policy refers to | [optional] |
+| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
+| **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
+
+## Example
+
+```ruby
+require 'akeyless'
+
+instance = Akeyless::PolicyUpdateKeys.new(
+  allowed_algorithms: null,
+  allowed_key_names: null,
+  allowed_key_types: null,
+  id: null,
+  json: null,
+  max_rotation_interval_days: null,
+  object_types: null,
+  path: null,
+  token: null,
+  uid_token: null
+)
+```
+

data/docs/RotatedSecretCreateAws.md

@@ -11,9 +11,10 @@
 | **aws_region** | **String** | Aws Region | [optional][default to 'us-east-2'] |
 | **delete_protection** | **String** | Protection from accidental deletion of this object [true/false] | [optional] |
 | **description** | **String** | Description of the object | [optional] |
-| **grace_rotation** | **String** | Create a new access key without deleting the old key from AWS/Azure/GCP for backup (relevant only for AWS/Azure/GCP) [true/false] | [optional] |
+| **grace_rotation** | **String** | Enable graceful rotation (keep both versions temporarily). When enabled, a new secret version is created while the previous version is kept for the grace period, so both versions exist for a limited time. [true/false] | [optional] |
 | **grace_rotation_hour** | **Integer** | The Hour of the grace rotation in UTC | [optional] |
 | **grace_rotation_interval** | **String** | The number of days to wait before deleting the old key (must be bigger than rotation-interval) | [optional] |
+| **grace_rotation_timing** | **String** | When to create the new version relative to the rotation date [after/before] | [optional] |
 | **item_custom_fields** | **Hash<String, String>** | Additional custom fields to associate with the item | [optional] |
 | **json** | **Boolean** | Set output format to JSON | [optional][default to false] |
 | **key** | **String** | The name of a key that used to encrypt the secret value (if empty, the account default protectionKey key will be used) | [optional] |
@@ -31,7 +32,7 @@
 | **secure_access_certificate_issuer** | **String** | Path to the SSH Certificate Issuer for your Akeyless Secure Access | [optional] |
 | **secure_access_enable** | **String** | Enable/Disable secure remote access [true/false] | [optional] |
 | **tags** | **Array<String>** | Add tags attached to this object | [optional] |
-| **target_name** | **String** | Target name |  |
+| **target_name** | **String** | The target name to associate |  |
 | **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] |
 | **uid_token** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] |
 
@@ -51,6 +52,7 @@ instance = Akeyless::RotatedSecretCreateAws.new(
   grace_rotation: null,
   grace_rotation_hour: null,
   grace_rotation_interval: null,
+  grace_rotation_timing: null,
   item_custom_fields: null,
   json: null,
   key: null,