Configure Gateway

❗
Important:
For ongoing Gateway configuration changes, always use the Gateway Configuration Manager, Akeyless CLI, or Helm values (for Kubernetes) to manage settings for the entire Gateway cluster.
Never configure only a single Gateway instance in a cluster. All instances in a cluster must be managed together using the supported tools above. Configuring only one instance, or making changes to individual containers or pods, will result in configuration drift, inconsistent behavior, and potential security or availability risks.
Avoid per-instance container startup command changes for routine updates. These should only be used for initial bootstrap or emergency recovery, not for ongoing management.

Use this section to configure how Akeyless Gateway authenticates, secures transport, protects encryption material, serves secrets during outages, and integrates with operational tooling.

Configuration is typically done after deployment and adjusted over time as security, compliance, and platform requirements evolve.

Access Gateway Settings (UI)

Use the Gateway Configuration Manager to access Gateway settings from the UI:

Open the Akeyless SaaS Console at https://console.akeyless.io and sign in.
Or, if needed, open the Gateway Console endpoint at <gateway-protocol>://<gateway-host>:8000/console.
For example, https://gateway.example.com:8000/console.
In the Console, open the Gateway tab and select the relevant Gateway.
Select Manage Gateway to open and change Gateway settings.

To see a Gateway in the Gateway list and use Manage Gateway, the user must have Gateway-scoped administrative permission (scope or all). Without this permission scope, the Gateway is not visible in the list, and the user cannot manage it.

Use HTTPS for remote management whenever possible.

Understand Gateway Naming and Manage Gateway Tabs

In the Gateway list, the Gateway name commonly appears in this format:

<account-id>/<gateway-access-id>/<cluster-name>

<account-id>: The Akeyless account identifier.
<gateway-access-id>: The Access ID used by the Gateway authentication method (for example, p-<gateway-auth-method-id>).
<cluster-name>: The clusterName value defined at deployment time.

The combination of Gateway Access ID and clusterName defines the logical Gateway cluster identity. Changing either value creates a different logical cluster.

In Manage Gateway, the following tabs are commonly used:

Instances: Shows Gateway Instances for the selected Gateway, including reported instance metadata (for example, ID, IP, version, and last report), and includes a Remote Access section.
Items: Shows the Gateway-managed resource lists for Dynamic Secrets and Rotated Secrets, and shows KMIP when that feature is enabled.

For permission requirements, see Gateway Authentication and Access.

For inbound port and endpoint behavior, including Configure App deprecation and redirect details, see Gateway Network Connectivity.

Access Gateway Settings (CLI)

Use the Akeyless CLI to read and update Gateway settings:

akeyless gateway-get-config \
--gateway-url 'https://<Your-Akeyless-GW-URL>:8000'

For Gateway CLI commands and usage details, see CLI Reference for Gateway.

Available Configuration Features

The following configuration features are available:

Configure identity and authorization controls in Gateway Authentication and Access.
Configure HTTPS behavior and certificate usage in TLS Settings.
Review cryptography profile and coverage details in PQC Support Reference.
Manage trusted private CAs in Certificate Store.
Configure encryption posture with customer fragments in Zero Knowledge.
Define cache and offline behavior in Gateway Caching.
Route audit and operational logs in Log Forwarding.
Integrate external hardware key management in HSM Integration.
Configure migration workflows in Automatic Migration.

Next Steps

Set up monitoring and dashboards in Telemetry and Metrics.
Prepare incident playbooks with Troubleshooting the Gateway.

Updated 4 days ago