Creating a Gateway

Creating a Keeper Gateway

Overview

In order to install and setup a Keeper Gateway device, you need to have a few resources set up:

  • Shared Folders to hold the PAM Resources (Machines, Databases, Users, etc)

  • Keeper Secrets Manager application

  • PAM Configuration

To simplify the process, we have a new Gateway wizard which creates all of the necessary components. Or, you can run each step individually.

Using the Gateway Wizard

The fastest way to create a Gateway and associated resources is using the Gateway Wizard. From the Web Vault or Desktop App, click on Create New > Gateway.

Creating a Gateway

The below link describes how to create a sandbox environment in just a few steps:

Using Keeper Secrets Manager

To set up a Keeper Gateway manually using the Keeper Secrets Manager application resources, follow these steps.

1

Create a Secrets Manager Application

  • In the Keeper Web Vault or Desktop App user interface, create a Shared Folder. This Shared Folder will contain the PAM resource records.

  • Navigate to the "Secret Managers" tab on the left and click on "Create Application" to create a KSM application

  • In the prompted window:

    • Enter the name of your KSM application

    • Choose the Shared Folder

    • Set the Record Permissions for Application to "Can Edit"

    • Click on "Generate Access Token" and then click on "OK"

    • You can safely ignore the first One-Time Access Token generated for the newly created KSM application. When creating a Keeper Gateway device, a different One-Time Access Token will be created.

Create a KSM Application
2

Generate the Gateway Token

  • From the Application screen, open the Gateways tab

  • Click on Provision Gateway

  • Select a name for the Gateway and the operating system

  • Follow the on-screen instructions based on the type of install

Windows Gateway

Using Commander CLI

You can also create a Gateway and configuration file from the Commander CLI. The below CLI commands will create a Secrets Manager application, shared folders and other resources before creating a Gateway instance.

Create an Application

secrets-manager app create "My Infrastructure"

Create Folders

mkdir -uf "My Infrastructure"
mkdir -sf -a "My Infrastructure/Resources"
mkdir -sf -a "My Infrastructure/Users"

Share the KSM app to the Shared Folders

secrets-manager share add --app "My Infrastructure" --secret <Resources folder UID>
secrets-manager share add --app "My Infrastructure" --secret <Users folder UID>

Create a Gateway

To initialize a Gateway for Linux or Windows native install methods, the one-time token method is used:

pam gateway new -n "My Demo Gateway" -a "My Infrastructure"

To initialize a Gateway using Docker, the base64 configuration is provided as GATEWAY_CONFIG environment variable as described in the Docker Installation instructions.

pam gateway new -n "My Demo Gateway" -a "My Infrastructure" -c b64
PreviousGatewaysNextDocker Installation

Last updated

Was this helpful?