DOCS-424: Clarify ALLOWED_ACCESS_PERMISSIONS, add cache variables, and add SRA Docker Compose guidance

[harrison-akeyless]

Summary

Improves the Gateway Docker advanced configuration page with clarified env variable documentation, a cache variable reference table, and SRA Docker Compose guidance.

Changes

• \docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md\
  • Clarified \ALLOWED_ACCESS_PERMISSIONS\ as the current standard variable for gateway admin access permissions.
  • Added a reference table for cache-related environment variables.
  • Added an SRA-specific Docker Compose configuration section.

Motivation

Customers were confused about which env variable to use for gateway access control after legacy variable names appeared in older docs. The cache variable table and SRA Docker Compose section address gaps reported in support tickets.

Resolves DOCS-424

Summary by CodeRabbit

• Documentation
  • Clarified Docker Compose cluster-cache behavior and added environment variables to control cluster cache enablement and read preference (standalone topology not provisioned by Compose).
  • Expanded access-control guidance: clarified ALLOWED_ACCESS_PERMISSIONS vs GATEWAY_AUTHORIZED_ACCESS_ID, added a "Restrict Gateway Callers by Access ID" section with examples.
  • Documented PROACTIVE_CACHE_DUMP_INTERVAL as a legacy setting and its interaction with the new proactive-cache flags.
  • Noted Docker Compose SRA limitations and linked Kubernetes for production.

[coderabbitai]

Warning

Rate limit exceeded

@harrison-akeyless has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 28 minutes and 1 second before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6f268df5-1506-4972-85b5-6c16f10b1934

📥 Commits

Reviewing files that changed from the base of the PR and between e6ded2b and d141581.

📒 Files selected for processing (1)

• docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md

📝 Walkthrough

Walkthrough

Documentation updates clarify Gateway access control mechanisms (GATEWAY_AUTHORIZED_ACCESS_ID vs ALLOWED_ACCESS_PERMISSIONS), expand caching configuration guidance, add environment variable details, and provide deployment-specific notes across Docker and Kubernetes setups.

Changes

Gateway Configuration Documentation Clarification

Layer / File(s)	Summary
Core Access Control Documentation docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md, samples/unified-gateway/docker-compose-deploy/gateway.env, docs/Akeyless Gateway/deploy-gateway/gateway-deploy-docker-compose.md	New "Restrict Gateway Callers by Access ID" section explains GATEWAY_AUTHORIZED_ACCESS_ID as a transport-layer allowlist and ALLOWED_ACCESS_PERMISSIONS for component-level authorization; examples and inline cross-reference note updated to prefer ALLOWED_ACCESS_PERMISSIONS. The sample gateway.env comment now explains transport-layer rejection semantics for GATEWAY_AUTHORIZED_ACCESS_ID.
Cluster cache (Docker Compose) environment variables docs/Akeyless Gateway/configure-gateway/gateway-caching/cluster-cache-standalone.md	Cluster cache docs updated: Docker Compose does not provision standalone cluster cache topology and a Docker Compose-specific section documents USE_CLUSTER_CACHE, GATEWAY_CLUSTER_CACHE, REDIS_ADDR, and PREFER_CLUSTER_CACHE_FIRST environment variables.
Proactive caching and cache configuration docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md, docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md	Adds PROACTIVE_CACHE_DUMP_INTERVAL doc note for the legacy proactive caching implementation (no effect when NEW_PROACTIVE_CACHE_ENABLE=true); updates cache configuration wording and removes a legacy sentence about the dump interval as the backup cadence.
SRA Docker deployment note docs/Secure Remote Access/sra-setup/sra-docker/index.md	Adds an informational note that Docker Compose SRA supports only a subset of Kubernetes options and links to the Kubernetes SRA docs for production/advanced deployments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• akeylesslabs/technical-documentation#235: Related updates about Gateway authorization and required permission scopes that overlap with access-control documentation changes.

Suggested reviewers

• EldadH89
• Avi-Akeyless

Poem

I’m a rabbit in docs, nibbling clarity bright,
Access IDs lined up, cache flags set just right,
Docker notes whispered, Kubernetes links shown,
Pages now guide where confusion had grown—
Hooray for tidy config—hop, hop, delight! 🐇

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main documentation updates: clarifying ALLOWED_ACCESS_PERMISSIONS, adding cache variables, and providing SRA Docker Compose guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v1.0_docs-424-docker-config-cleanup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[EldadH89]

@Avi-Akeyless can you please confirm?

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/Akeyless`
Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md:
- Line 212: The table cell for ALLOWED_ACCESS_PERMISSIONS uses the term "Gator
access permissions" which appears to be a typo; update the wording to "Gateway
access permissions" (or the correct product term) in the Control plane column
where the phrase "Gator access permissions" appears so it reads "Gateway access
permissions" and ensure the description for ALLOWED_ACCESS_PERMISSIONS remains
consistent with the JSON schema and example.
- Around line 202-229: The "Restrict Gateway Access" section conflicts with the
new "Restrict Gateway Callers by Access ID" content — update the older section
so it references and aligns with GATEWAY_AUTHORIZED_ACCESS_ID (mark
RESTRICT_SERVICE_TO_ACCESS_IDS as legacy/deprecated), or remove the duplicate
content and add a cross-reference to the new section; specifically edit the
section that currently documents RESTRICT_SERVICE_TO_ACCESS_IDS to instead
present GATEWAY_AUTHORIZED_ACCESS_ID as the current variable (with a deprecation
note pointing to RESTRICT_SERVICE_TO_ACCESS_IDS) and/or link to the "Restrict
Gateway Callers by Access ID" paragraph that explains allowed format and example
usage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8e965978-247c-4504-b294-a40c18bfbd21

📥 Commits

Reviewing files that changed from the base of the PR and between b1f5eab and e6ded2b.

📒 Files selected for processing (3)

• docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md
• docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md
• docs/Secure Remote Access/sra-setup/sra-docker/index.md

✅ Files skipped from review due to trivial changes (2)

• docs/Secure Remote Access/sra-setup/sra-docker/index.md
• docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md