Introduction to GateKey
GateKey is a zero-trust VPN solution that wraps OpenVPN and WireGuard. Users authenticate via their company's identity provider (Okta, Azure AD, Google Workspace, etc.) and get short-lived VPN credentials automatically.
No passwords to remember. No certificates to manage. Just SSO and connect.

Why GateKey?
Traditional VPNs have fundamental security issues:
| Traditional VPN | GateKey |
|---|---|
| Long-lived certificates (years) | Short-lived certs (24 hours) |
| Full network access after connect | Per-user firewall rules |
| Separate VPN passwords | SSO with your identity provider |
| Manual certificate rotation | Automatic credential refresh |
| Static access control | Dynamic, role-based access |
Key Features
Zero Trust Security
Every connection is authenticated and authorized. No user or device is trusted by default; access is verified continuously.
- Never Trust, Always Verify: Every access request is fully authenticated
- Least Privilege: Users only access resources explicitly permitted
- Assume Breach: Short-lived certificates limit exposure window
- Default Deny: All traffic blocked unless explicitly allowed
SSO Integration
Integrate with your existing identity provider:
- Okta
- Azure AD / Entra ID
- Google Workspace
- Any OIDC or SAML provider
Dual Protocol Support
Choose the VPN protocol that fits your needs:
| Protocol | Best For | Performance | FIPS 140-3 Compliant |
|---|---|---|---|
| OpenVPN | Maximum compatibility, regulatory environments | Good | Yes |
| WireGuard | Performance, mobile | Excellent | No |
Both protocols use the same zero-trust security model.
Compliance Note: For organizations requiring FIPS 140-3 compliance (government, healthcare, finance), use OpenVPN with FIPS-validated cryptographic modules. GateKey's OpenVPN implementation supports AES-256-GCM and SHA-384 for FIPS-compliant deployments.
Multi-Gateway
Connect to multiple VPN gateways simultaneously:
```bash
gatekey connect us-east-1   # Gets tun0
gatekey connect eu-west-1   # Gets tun1
gatekey status              # Shows all connections
```
Mesh Networking
Hub-and-spoke topology for site-to-site connectivity with zero-trust access controls.
Kubernetes Native
Deploy with Helm in minutes. GateKey integrates seamlessly with Kubernetes and stores secrets natively in the cluster.
Architecture Overview
Components
| Component | Description |
|---|---|
| Control Plane | Central server handling auth, certs, and policy |
| Gateway Agent | Runs alongside OpenVPN/WireGuard on gateway servers |
| CLI Client | User-facing VPN client (gatekey) |
| Android Client | Native mobile app for Android devices |
| Web UI | Browser-based interface for config download |
| Admin CLI | Administrative tool for policy management |
Next Steps
- Quick Start Guide - Get connected in 5 minutes
- Installation - Detailed installation instructions
- Architecture Overview - Deep dive into system design