Standalone Gateway Installation & Configuration


  1. An Akeyless Account (one can register an account using the Akeyless SaaS Console).

  2. An Authentication Method that is linked to this Akeyless Account (the default Authentication Method uses the email/password access method and has Superuser privileges in the Account). Make sure that it has the right access permissions to view and manage the secrets in the Gateway.

  3. A Linux or Windows Server instance (e.g. on a Virtual Machine) with the installed Docker engine.

  4. The following ports need to be open on the server where you're installing the Gateway:

    • 8000
    • 18888
    • 8200
    • 8080
    • 8081
    • 5696



Make sure that this server is not accessible from the external network.

  1. For the Akeyless Gateway to function properly, you need to allow for public network connectivity to the Akeyless SaaS core services on your server.




Gateway Configuration Manager


Gateway Console




Akeyless V1 Restful API


Akeyless V2 Restful API


KMIP Server

Key Management Interoperability Protocol server for encryption keys management.



To install the Gateway as a standalone, run the following command in the CLI of your OS:

docker run -d -p 8000:8000 -p 8200:8200 -p 18888:18888 -p 8080:8080 -p 8081:8081 -p 5696:5696 --name akeyless-gw akeyless/base

As a result, you should see a new container named akeyless-gw running on your Docker. It contains a single instance of the Akeyless Gateway.

The Admin role in this Gateway instance is empty (i.e. not assigned to any Authentication Method).

Advanced installation options are implemented using environment variables.



For the complete list of Akeyless environment variables and corresponding use cases, you can visit the Using Environment Variables page.

Initial Configuration

To configure the standalone Gateway, use the Gateway Configuration Manager:

  1. In the browser, navigate to http://Your-Akeyless-Gateway-URL:8000.

  2. Enter credentials for authentication. 



If you are the Account Owner, then on the first login to the Gateway Configuration Manager, you can use your Akeyless SaaS Console credentials (email and password).

If you created the new Gateway instance already using the Authentication Method credentials in environment variables, then you’ll need to log in using those credentials.



If the Gateway was installed with the empty Admin role, then the first logged-in Authentication Method would be assigned Admin privileges on this Gateway.

Did this page help you?