Creating a Gateway

Overview

In order to install and setup a Keeper Gateway device, you need to have a few resources set up:

• Shared Folders to hold the PAM Resources (Machines, Databases, Users, etc)

• Keeper Secrets Manager application

• PAM Configuration

To simplify the process, we have a new Gateway wizard which creates all of the necessary components. Or, you can run each step individually.

Using the Gateway Wizard

A new Gateway deployment can be created by clicking on Create New > Gateway from the Web Vault. We have also posted a page describing how to create a sandbox environment in just a few steps.

• Quick Start: Sandbox

Creating a Gateway

1

Create a Secrets Manager Application

• In the Keeper Web Vault or Desktop App user interface, create a Shared Folder. This Shared Folder will contain the PAM resource records.

• Navigate to the "Secret Managers" tab on the left and click on "Create Application" to create a KSM application

• In the prompted window:

  • Enter the name of your KSM application

  • Choose the Shared Folder

  • Set the Record Permissions for Application to "Can Edit"

  • Click on "Generate Access Token" and then click on "OK"

  • You can safely ignore the first One-Time Access Token generated for the newly created KSM application. When creating a Keeper Gateway device, a different One-Time Access Token will be created.

2

Generate the Gateway Token

• From the Application screen, open the Gateways tab

• Click on Provision Gateway

• Select a name for the Gateway and the operating system

• Follow the on-screen instructions based on the type of install

Using Commander CLI

You can also create a Gateway and configuration file from the Commander CLI:

pam gateway new -n "<Gateway Name>" -a <Application Name or UID> -c b64

The Application names and UIDs can be found with secrets-manager app list