Keeper Gateway
Installation and setup of the Keeper Gateway
Overview
The Keeper Gateway is a lightweight service that is installed on any Windows, Linux or macOS machine in order to execute rotation, discovery and connection tasks. A single Gateway can be used to communicate with any target infrastructure, both on-prem and cloud. For example, to rotate Active Directory accounts, the Gateway can be installed on any machine which can communicate to AD.
The Gateway preserves zero knowledge by performing all encryption and decryption of data locally. The Gateway uses Keeper Secrets Manager APIs to communicate with the Keeper cloud. A full description of the security architecture can be found here.
Platforms Supported
Windows (minimum OS version: Server 2016+ 1803 and newer)
Linux: Ubuntu, CentOS, and RedHat
macOS: 12+
System Requirements
Disk space required: 50MB
Memory: 1GB+
Installation Steps
The Keeper Gateway generates encryption keys and a local Secrets Manager configuration that is used to authenticate with the Keeper cloud. The location depends on the context in which the Gateway is being run. It can be installed to the local user or installed as a service.
Login to the Keeper Web Vault or Desktop App
Create a Secrets Manager Application or select existing application
Click on the "Gateways" tab and click "Provision Gateway"
Select Windows, Mac or Linux install method
Install the Keeper Gateway using the provided method
During the creating of a Keeper Gateway, you have the choice to select "Lock external WAN IP Address of device for initial request". This will additionally IP lock the Gateway in addition to the authentication and encryption built into the service. This option is recommended as long as the external IP of your gateway machine is static.
Based on your Operating System, refer to the corresponding guide on installing the Keeper Gateway:
Windows InstallationLinux InstallationMacOS InstallationAdditional Installation Configurations
If you are installing on an EC2 instance in AWS, the Keeper Gateway can be configured to use the instance role for pulling its configuration from AWS Secrets Manager. Detailed instructions on this setup can be found here.
Manage Gateways on the Admin Console
Keeper Admins can view and monitor all Gateways created under the enterprise environment. In the Secrets Manager section of the Keeper Admin Console, visit the "Gateways" tab.
Admins can see the status, creation date, and node assignment for all gateways. By clicking the Edit button, the Gateway name and Node can be modified, and a list of attached configurations and rotation history can be viewed.
Last updated