- Initial Gateway Configuration with Environment Variables
- Configuring TLS with Environment Variables
- Configuring the Cache with Environment Variables
The structure of the Gateway installation command when using environment variables should be the following:
docker run -d -p 8000:8000 -p 8200:8200 -p 18888:18888 -p 8080:8080 -p 8081:8081 -p 5696:5696 -e ENV_VARIABLE_1="value1" -e ENV_VARIABLE_2="value2" -v /HOST/PATH/TO/FILE:/GATEWAY/PATH/TO/FILE --name akeyless-gw akeyless/base
To change a Gateway setting that is controlled by environment variables, stop and remove the Gateway container first, and then create a new Gateway container with the desired attributes specified in the environment variables.
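The stop, remove and recreate sequence described above, written as a script. This is an added example, not Akeyless's own code. The `gateway.env` file name, the `DOCKER` override and the permission check are assumptions of the example, and `--env-file` replaces the repeated `-e` flags so that the values stay out of shell history and the process list.

```sh
#!/bin/sh
# Added example: recreate the Gateway container after editing its variables.
set -eu

DOCKER="${DOCKER:-docker}"            # overridable, e.g. for a dry run
NAME="akeyless-gw"                    # container name from the command above
ENV_FILE="${ENV_FILE:-./gateway.env}" # assumed file of NAME=value lines

# The env file carries Gateway credentials: require owner-only permissions.
# Returns 1 if the file is missing, 2 if group or others have any access.
check_env_file() {
    f="$1"
    [ -f "$f" ] || { echo "missing env file: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        [0-7]00) return 0 ;;
        *) echo "$f has mode $mode; run: chmod 600 $f" >&2; return 2 ;;
    esac
}

recreate_gateway() {
    check_env_file "$ENV_FILE" || return $?
    # Stop and remove the old container; ignore errors on a first install.
    "$DOCKER" stop "$NAME" >/dev/null 2>&1 || true
    "$DOCKER" rm "$NAME" >/dev/null 2>&1 || true
    # Same ports, name and image as the page's command (add -v mounts as needed).
    "$DOCKER" run -d \
        -p 8000:8000 -p 8200:8200 -p 18888:18888 \
        -p 8080:8080 -p 8081:8081 -p 5696:5696 \
        --env-file "$ENV_FILE" \
        --name "$NAME" akeyless/base
}

# Run only when asked, so the functions can be sourced and checked first.
if [ "${1:-}" = "--run" ]; then
    recreate_gateway
fi
```

Invoke the script with `--run` to perform the replacement; without it, nothing is executed.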
Environment variables enable the user to install the Gateway with some pre-defined parameters:
This variable allows you to instantly set Admin credentials for the new Gateway instance.
It needs to be combined either with the
access-id can be either an API Key or a CSP IAM (aws_iam, azure_ad, gcp_gce)
access-key needs to match the access-id
password needs to match the email
This variable allows adding several Authentication Methods as Admins of the Gateway instance.
This variable can also work with sub-claims (when a shared authentication method is used in the organization, e.g., SAML):
In this case, the "access-id" belongs to the Authentication Method created for the particular Identity Provider.
If you don't specify the sub-claims, every user authenticated by this IDP will be able to log in to the Gateway with admin privileges.
When you use the ALLOWED_ACCESS_IDS variable to set up access to your Gateway using a shared authentication method, you must provide relevant sub-claims.
Otherwise, all users authenticated by the Identity Provider with a given access-id will be able to log in to your Gateway and configure it.
This variable allows creating a Gateway instance with a custom Cluster Name instead of the default one.
This variable allows creating a Gateway instance with a custom Display Name (you can set it through the Console as well).
Please keep in mind that changing the Access ID or Cluster Name of your Gateway will create an entirely new Gateway instance, and it will not be able to retrieve the settings and data from the previously removed instance.
That’s why we recommend setting up a meaningful Cluster Name for your Gateway instance from the very beginning.
This variable allows for encrypting the configuration of your Gateway with the encryption key that you have already created in the Console.
By default, the Gateway configuration is encrypted with the default Account key created and managed by Akeyless.
This variable allows for using a specific version of the Akeyless Gateway application.
This variable enables TLS for the Gateway Console.
This variable enables TLS for the Gateway Configuration Manager.
This variable enables TLS for the HPV.
This variable enables TLS for Akeyless API Services.
A TLS certificate and a TLS Private Key in PEM format need to be mounted to the Gateway target directory using the following attributes. The example below mounts the TLS certificate and key from the Present Working Directory.
This variable enables Gateway caching.
This variable enables Proactive caching.
This variable sets the amount of time (in minutes) during which a secret should be kept in the cache. The secret is deleted from the cache at the end of this period.
This variable instructs the system to update secrets in the cache if they are older than the specified value.
This variable sets the amount of time (in minutes) between two consecutive backups of cached secrets.