Installation and setup of the Keeper Gateway


The Keeper Gateway is a lightweight service that can be installed on any Windows, Linux or macOS machine to execute rotation, discovery and connection tasks. A single Gateway can be used to communicate with any target infrastructure, both on-prem and cloud. For example, to rotate Active Directory accounts, the Gateway can be installed on any machine that can communicate with AD.

The Gateway preserves zero knowledge by performing all encryption and decryption of data locally. The Gateway uses Keeper Secrets Manager APIs to communicate with the Keeper cloud. A full description of the security architecture can be found here.

Platforms Supported

  • Windows (minimum OS version: Server 2016+ 1803 and newer)

  • Linux: Ubuntu, CentOS, and RedHat

  • macOS: 12+

System Requirements

  • Disk space required: 50MB

  • Memory: 1GB+

Installation Steps

The Keeper Gateway generates encryption keys and a local Secrets Manager configuration that is used to authenticate with the Keeper cloud. The location of these files depends on the context in which the Gateway is being run. The Gateway can be installed for the local user or installed as a service.

  • Log in to the Keeper Web Vault or Desktop App

  • Create a Secrets Manager Application or select an existing application

  • Click on the "Gateways" tab and click "Provision Gateway"

  • Select the Windows, Mac or Linux install method

  • Install the Keeper Gateway using the provided method

When creating a Keeper Gateway, you can select "Lock external WAN IP Address of device for initial request". This IP-locks the Gateway, in addition to the authentication and encryption built into the service. This option is recommended as long as the external IP of your gateway machine is static.

Based on your Operating System, refer to the corresponding guide on installing the Keeper Gateway:

Additional Installation Configurations

If you are installing on an EC2 instance in AWS, the Keeper Gateway can be configured to use the instance role for pulling its configuration from AWS Secrets Manager. Detailed instructions on this setup can be found here.

Manage Gateways on the Admin Console

Keeper Admins can view and monitor all Gateways created under the enterprise environment. In the Secrets Manager section of the Keeper Admin Console, visit the "Gateways" tab.

Admins can see the status, creation date, and node assignment for all gateways. By clicking the Edit button, the Gateway name and Node can be modified, and a list of attached configurations and rotation history can be viewed.

