Installing and Configuring the Gateway


Deeper Dive

For more in-depth information, check out our detailed documentation on the following topics:

Akeyless Gateway

Standalone Docker Gateway Installation


Need any help?

If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.

Below is a text-only guide for users based on the above video

What is Akeyless Gateway?

The Akeyless Gateway is a stateless Docker container, also available on Kubernetes, that is deployed within your network. The Gateway talks with Akeyless which means that when you configure it, you won't have to make any infrastructure changes and it won't require any massive network adjustments.

Moreover, the Gateway holds the Customer Fragment, which is an important security feature. The Customer Fragment is your piece of your DFC encryption key that is used for all encryption and decryption. Since Akeyless doesn't have access to your network, where the Gateway and Fragment are held, we don't have access to decrypt any of your data. We will discuss this more in a later video.

Installing your Gateway

Before you can install the Gateway, make sure you have the following:

  • A Linux or a Windows machine with Docker engine installed.
  • Network connection to Akeyless SaaS Core Services from your machine.
  • The following ports need to be open as well: 8000, 8080, 8081, 8200, 5696, 18888.

Let's go ahead and install the Gateway. On your machine of choice, local or cloud-based, run the following command:

docker run -d -p 8000:8000 -p 8200:8200 -p 18888:18888 -p 8080:8080 -p 8081:8081 -p 5696:5696 -e ADMIN_ACCESS_ID="[email_address_of_your_Akeyless_account]" --name akeyless-gw akeyless/base


For more advanced configurations, including adding other Gateway Admins or installing the Gateway on K8s, see the docs here.

Next, run the following command to check that the Gateway is up and running. In this case, 'akeyless-gw' is our gateway's name. If you used a different name, you should use that instead.

docker logs -f akeyless-gw

This will show a lot of log information, but we are only looking for the following lines right at the beginning:

'Starting Up'
'Network connectivity check successful'

Once that’s done, you can go back to the Console and see the Gateway is showing as active.


Make sure your "Gateway URL" is showing the correct endpoint.

You can now see your Gateway on your browser at the endpoint with port 8000 to see the Gateway is up and ready to log in.


In this demo, I am using an https endpoint created internally. You should use the endpoint on which you installed the Gateway. A non-https endpoint is ok, but can cause some issues with advanced Secrets Management from the UI in the future.

Log into the Gateway with the same credentials you use to log into the Console.

Once you are logged in, you can see all the various menu items available to you.

The main purpose of having access to this Gateway UI is for configuration and administrative purposes. For just about every Secrets Management operation, you will not actually need to log into the Gateway -- you will continue using the Console.