Creating a Gateway

Creating a Keeper Gateway

Overview

In order to install and setup a Keeper Gateway device, you need to have a few resources set up:

Shared Folders to hold the PAM Resources (Machines, Databases, Users, etc)
Keeper Secrets Manager application
PAM Configuration

To simplify the process, we have a new Gateway wizard which creates all of the necessary components. Or, you can run each step individually.

Using the Gateway Wizard

The fastest way to create a Gateway and associated resources is using the Gateway Wizard. From the Web Vault or Desktop App, click on Create New > Gateway.

The below link describes how to create a sandbox environment in just a few steps:

Quick Start: Sandbox

Using Keeper Secrets Manager

To set up a Keeper Gateway manually using the Keeper Secrets Manager application resources, follow these steps.

Create a Secrets Manager Application

In the Keeper Web Vault or Desktop App user interface, create a Shared Folder. This Shared Folder will contain the PAM resource records.
Navigate to the "Secret Managers" tab on the left and click on "Create Application" to create a KSM application
In the prompted window:
- Enter the name of your KSM application
- Choose the Shared Folder
- Set the Record Permissions for Application to "Can Edit"
- Click on "Generate Access Token" and then click on "OK"
- You can safely ignore the first One-Time Access Token generated for the newly created KSM application. When creating a Keeper Gateway device, a different One-Time Access Token will be created.

Generate the Gateway Token

From the Application screen, open the Gateways tab
Click on Provision Gateway
Select a name for the Gateway and the operating system
Follow the on-screen instructions based on the type of install

Using Commander CLI

You can also create a Gateway and configuration file from the Commander CLI. The below CLI commands will create a Secrets Manager application, shared folders and other resources before creating a Gateway instance.

Create an Application

secrets-manager app create "My Infrastructure"

Create Folders

mkdir -uf "My Infrastructure"
mkdir -sf -a "My Infrastructure/Resources"
mkdir -sf -a "My Infrastructure/Users"

secrets-manager share add --app "My Infrastructure" --secret <Resources folder UID>
secrets-manager share add --app "My Infrastructure" --secret <Users folder UID>

Create a Gateway

To initialize a Gateway for Linux or Windows native install methods, the one-time token method is used:

pam gateway new -n "My Demo Gateway" -a "My Infrastructure"

To initialize a Gateway using Docker, the base64 configuration is provided as GATEWAY_CONFIG environment variable as described in the Docker Installation instructions.

pam gateway new -n "My Demo Gateway" -a "My Infrastructure" -c b64

PreviousGateways NextGateway with Docker

Last updated 4 months ago

Was this helpful?