# Applications

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FlGKhrtW3C17QpVPL2y1U%2FApplications.jpg?alt=media&#x26;token=3a9db568-10db-414c-a954-ec26f8b66dc9" alt=""><figcaption></figcaption></figure>

### What's an Application?

A Secrets Manager Application allows a machine or device to communicate with the Keeper vault, retrieve assigned records and decrypt the data.

Folders are shared to the application, similar to how users are folders are shared to users. This gives the application the capability of accessing and decrypting the records in the folder.

### Creating an Application

From the Keeper Vault, go to Secrets Manager and click on Create Application.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F7c4Wl59Aw89PNoAh2jqH%2FScreenshot%202024-12-26%20at%207.04.55%E2%80%AFPM.png?alt=media&#x26;token=6283ebab-de8d-49d7-b12c-4933c7e68a20" alt=""><figcaption></figcaption></figure>

* The Application Name typically represents the use case or environment where it is being used
* The Folder selected is where the application is assigned. An application can be added to any number of shared folders.
* Record permissions give the application either read-only or read/write access to the folder. This is an additional restriction on top of the existing shared folder permissions.
* Click on Generate Access Token to create the first access token, representing the first device
* If you don't plan to set up a device yet, the first access token can be discarded

### Generating a One-Time Access Token

When creating an application, a one-time access token for the first Device is provided. This one-time access token is supplied to the 3rd party system, Keeper Secrets Manager SDK, Keeper Secrets Manager CLI or other device which needs to access information from the vault.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2Fxd8DfE0CZZHJz6L6fQul%2FScreenshot%202024-12-26%20at%207.05.15%E2%80%AFPM.png?alt=media&#x26;token=934afd24-1594-48eb-a80c-d859d40e419e" alt=""><figcaption><p>One-Time Access Token</p></figcaption></figure>

After creating the application, it is managed from the Secrets Manager screen. You can then assign additional devices or Keeper Gateways.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FrGAwVXeftS4nvxQgyt0c%2FScreenshot%202024-12-26%20at%207.05.39%E2%80%AFPM.png?alt=media&#x26;token=63128e5b-44d9-4cb1-86e6-d4251ae3d10f" alt=""><figcaption><p>Managing Applications</p></figcaption></figure>

Applications can be added to new or existing Shared Folders.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FmoLDmyO7KrkidzqaItHt%2FScreenshot%202024-12-26%20at%207.07.40%E2%80%AFPM.png?alt=media&#x26;token=961bbddf-b14a-4d82-a0f7-9277548deb51" alt=""><figcaption><p>Creating a Shared Folder</p></figcaption></figure>

Edit the Shared Folder to assign the application.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2Fj52SOKVTh70KYp2hY5m3%2FScreenshot%202024-12-26%20at%207.08.09%E2%80%AFPM.png?alt=media&#x26;token=d08bcd35-0807-4f66-8c2e-d87da108d34f" alt=""><figcaption><p>Add Application to Shared Folder</p></figcaption></figure>

By assigning the Application to shared folders, the application's devices can send Keeper Secrets Manager API requests to the Keeper vault to access and manage the records assigned. There are many use cases where a device can use Keeper Secrets Manager APIs to communicate with the Keeper vault. Below are a few examples.

* [Secrets Manager CLI](https://docs.keeper.io/en/keeperpam/secrets-manager/secrets-manager-command-line-interface)
* [Developer SDKs](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library)
* [Integrations](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations)

### Assigning Gateways to Applications

Keeper Gateways are created and associated to an application. To create a new Gateway, open the application and click on the "Gateways" tab. Select "Provision Gateway" to create a Gateway.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FuurHOOWU1OArMPW26bov%2FScreenshot%202024-12-26%20at%207.21.31%E2%80%AFPM.png?alt=media&#x26;token=d09b8ae9-f50f-455d-acd2-4b33947c6c64" alt=""><figcaption><p>Assigning a Gateway to an Application</p></figcaption></figure>

Alternatively, Keeper provides a wizard that creates several components at once, and automatically links everything together. From the main vault screen, select "**Create New**" then "**Gateway**".

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FMhDrfJxtwD5BfXTzW30Y%2FScreenshot%202024-12-26%20at%207.25.56%E2%80%AFPM.png?alt=media&#x26;token=df02b30a-eccb-4df2-9ecf-dc726ed6da4c" alt=""><figcaption><p>Create a Gateway and associated applications</p></figcaption></figure>

The "Project Name" is used to create a PAM Configuration, Gateway, Application and optionally a set of example folders and records.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FD8CTwQzk8HCmJnqzuxac%2FScreenshot%202024-12-26%20at%207.26.16%E2%80%AFPM.png?alt=media&#x26;token=6fd67625-7400-4857-8a6f-b02874a46f6c" alt=""><figcaption><p>Gateway Creation Wizard</p></figcaption></figure>