# Creating a Gateway

## Overview

In order to install and setup a Keeper Gateway device, you need to have a few resources set up:

* Shared Folders to hold the PAM Resources (Machines, Databases, Users, etc)
* Keeper Secrets Manager application
* PAM Configuration

To simplify the process, we have a new Gateway wizard which creates all of the necessary components. Or, you can run each step individually.

## Using the Gateway Wizard

The fastest way to create a Gateway and associated resources is using the Gateway Wizard. From the Web Vault or Desktop App, click on **Create New** > **Gateway.**

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FrperdEulgHMqKZAh4itn%2FScreenshot%202025-04-19%20at%207.46.13%E2%80%AFPM.png?alt=media&#x26;token=fcadc16c-003b-46f2-b6b7-8666d91c27a2" alt=""><figcaption><p>Creating a Gateway</p></figcaption></figure>

The below link describes how to create a sandbox environment in just a few steps:

* [Quick Start: Sandbox](https://docs.keeper.io/en/keeperpam/privileged-access-manager/quick-start-sandbox)

***

## Using Keeper Secrets Manager

To set up a Keeper Gateway manually using the Keeper Secrets Manager application resources, follow these steps.

{% stepper %}
{% step %}
**Create a Secrets Manager Application**

* In the Keeper Web Vault or Desktop App user interface, create a Shared Folder. This Shared Folder will contain the PAM resource records.
* Navigate to the "Secret Managers" tab on the left and click on "Create Application" to create a KSM application
* In the prompted window:
  * Enter the name of your KSM application
  * Choose the Shared Folder
  * Set the Record Permissions for Application to "Can Edit"
  * Click on "Generate Access Token" and then click on "OK"
  * You can safely ignore the first One-Time Access Token generated for the newly created KSM application. When creating a Keeper Gateway device, a different One-Time Access Token will be created.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FGfrKhg3EYK2mAtfmsq1x%2FScreenshot%202023-05-01%20at%2011.37.56%20AM.jpg?alt=media&#x26;token=21236241-e0f2-4b54-b7dd-9f3cea8ab53c" alt=""><figcaption><p>Create a KSM Application</p></figcaption></figure>
{% endstep %}

{% step %}
**Generate the Gateway Token**

* From the Application screen, open the **Gateways** tab
* Click on **Provision Gateway**
* Select a name for the Gateway and the operating system
* Follow the on-screen instructions based on the type of install

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FJKAv2CyVdxhUf7m7k7TY%2FScreenshot%202023-09-14%20at%205.46.20%20PM.png?alt=media&#x26;token=b1b3336b-b34d-4faa-aa75-1b5f54170233" alt=""><figcaption><p>Windows Gateway</p></figcaption></figure>
{% endstep %}
{% endstepper %}

***

## Using Commander CLI

You can also create a Gateway and configuration file from the Commander CLI. The below CLI commands will create a Secrets Manager application, shared folders and other resources before creating a Gateway instance.

#### Create an Application

```
secrets-manager app create "My Infrastructure"
```

#### Create Folders

```
mkdir -uf "My Infrastructure"
mkdir -sf -a "My Infrastructure/Resources"
mkdir -sf -a "My Infrastructure/Users"
```

#### Share the KSM app to the Shared Folders

```
secrets-manager share add --app "My Infrastructure" --secret <Resources folder UID>
secrets-manager share add --app "My Infrastructure" --secret <Users folder UID>
```

#### Create a Gateway

To initialize a Gateway for [Linux](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/linux-installation) or [Windows](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/windows-installation) native install methods, the one-time token method is used:

```
pam gateway new -n "My Demo Gateway" -a "My Infrastructure"
```

To initialize a Gateway using [Docker](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/gateway-with-docker), the base64 configuration is provided as `GATEWAY_CONFIG` environment variable as described in the [Docker Installation](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/gateway-with-docker) instructions.

```
pam gateway new -n "My Demo Gateway" -a "My Infrastructure" -c b64
```