
DOCS-773: Recommend Gateway UI/CLI for ongoing configuration#253

Draft: harrison-akeyless wants to merge 4 commits into v1.0 from v1.0_DOCS-773_gateway-config-ui-cli

@harrison-akeyless harrison-akeyless commented May 19, 2026

Summary

Adds consistent guidance across Gateway configuration docs to prefer the Gateway Configuration Manager UI, Akeyless CLI, or Helm values for ongoing configuration — rather than per-instance container startup flags.

Changes

New reusable custom block

  • custom_blocks/GatewayConfigManagementNote.md — new Important callout advising against routine container-flag changes and directing users to the recommended configuration interfaces

Markdownlint config

  • .github/markdownlint/.markdownlint-cli2.yaml — added GatewayConfigManagementNote to the MD033 allowed-tags list so <GatewayConfigManagementNote /> in doc pages passes lint

Configure Gateway section (docs/Akeyless Gateway/configure-gateway/)

  • index.md — added <GatewayConfigManagementNote /> + new "Access Gateway Settings (CLI)" section with gateway-get-config example and link to CLI reference
  • gateway-caching/index.md — added note + CLI example for akeyless gateway update cache
  • gateway-tls-settings.md — added note + CLI example for akeyless gateway-update-tls-cert
  • All remaining configure-gateway pages — added <GatewayConfigManagementNote /> at the top of each page:
    • gateway-authentication-and-access.md
    • gateway-automatic-migration.md
    • gateway-caching/cluster-cache-ha.md
    • gateway-caching/cluster-cache-standalone.md
    • gateway-caching/proactive-caching.md
    • gateway-caching/runtime-caching.md
    • gateway-certificate-store.md
    • gateway-hsm-integration.md
    • gateway-log-forwarding.md
    • gateway-pqc-support-reference.md
    • gateway-zero-knowledge.md

Standalone Docker advanced configuration

  • gateway-docker-advanced-configuration.md — added Warning callout before the TLS mount instructions clarifying that mounted cert/key is bootstrap-only and directing users to the UI/CLI for ongoing TLS updates

Validation

  • `pre-commit run --files "docs/Akeyless Gateway/configure-gateway/index.md" "docs/Akeyless Gateway/configure-gateway/gateway-tls-settings.md" "docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md" "docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md" "custom_blocks/GatewayConfigManagementNote.md"`

Summary by CodeRabbit

  • Documentation
    • Added Gateway configuration management guidance across setup and configuration documentation
    • Introduced Akeyless CLI command examples for updating cache settings and TLS certificates
    • Added best practices for Docker deployments regarding TLS certificate bootstrap and management

coderabbitai Bot commented May 19, 2026

Walkthrough

This PR adds a reusable GatewayConfigManagementNote component to communicate best practices for ongoing Gateway configuration management across documentation. The component is defined once, added to 15+ documentation pages with consistent placement, supplemented with CLI command examples in select pages, and paired with a Docker-specific TLS bootstrap warning.

Changes

Gateway configuration management documentation

| Layer / File(s) | Summary |
|---|---|
| Custom block definition and linting allowlist: custom_blocks/GatewayConfigManagementNote.md, .github/markdownlint/.markdownlint-cli2.yaml | New GatewayConfigManagementNote component instructs users to manage ongoing Gateway configuration via the Configuration Manager, Akeyless CLI, or Helm values, avoiding startup-command changes. Markdownlint config updated to allow this component as inline HTML (MD033 allowlist). |
| Core configure-gateway pages: docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md, gateway-automatic-migration.md, index.md | GatewayConfigManagementNote inserted near the beginning of foundational configure-gateway documentation pages. |
| Caching documentation: docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md, cluster-cache-ha.md, cluster-cache-standalone.md, proactive-caching.md, runtime-caching.md | Component added to all caching-related pages to highlight configuration management best practices. |
| Additional configure-gateway pages: docs/Akeyless Gateway/configure-gateway/gateway-certificate-store.md, gateway-hsm-integration.md, gateway-log-forwarding.md, gateway-pqc-support-reference.md, gateway-tls-settings.md, gateway-zero-knowledge.md | Component inserted into certificate store, HSM, log forwarding, PQC support, TLS, and zero-knowledge pages. |
| CLI command examples: docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md, gateway-tls-settings.md, docs/Akeyless Gateway/configure-gateway/index.md | Adds practical akeyless CLI examples showing how to update cache runtime settings (enable cache, set staleness options), update TLS certificates, and access Gateway configuration via gateway-get-config. |
| Docker deployment TLS warning: docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md | New warning callout advises using mounted TLS certificate/key files only for initial bootstrap; recommends Gateway Configuration Manager or Akeyless CLI for ongoing TLS updates to prevent configuration drift. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • Avi-Akeyless
  • EldadH89

🐰 A note hops across every page,
Telling Gateways to behave their age,
Use the CLI, or a manager's care,
Not container commands scattered everywhere!
Configuration drift? We'll take the stage.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title clearly and specifically summarizes the main objective: recommending Gateway UI/CLI for ongoing configuration management across documentation. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

Review ran into problems

🔥 Problems

Stopped waiting for pipeline failures after 30000ms. One of your pipelines takes longer than our 30000ms fetch window to run, so review may not consider pipeline-failure results for inline comments if any failures occurred after the fetch window. Increase the timeout if you want to wait longer or run a @coderabbit review after the pipeline has finished.


@harrison-akeyless harrison-akeyless marked this pull request as ready for review May 19, 2026 02:23

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md (1)

301-303: ⚡ Quick win

Consider moving the warning before the first code example that demonstrates volume mounts.

The warning content is excellent and clearly advises users to prefer the Gateway Configuration Manager or CLI for ongoing TLS updates. However, the current placement (line 301) comes after the code examples at lines 275-283 that already demonstrate the volume mount pattern being discouraged.

Users scanning the documentation may copy one of those earlier examples before reading down to the warning. Moving this warning to appear before line 275 (before the first TLS code example) would ensure users see the guidance before encountering the bootstrap-only volume mount pattern.

📍 Suggested placement improvement

Move the warning block (lines 301-303) to appear immediately after line 273 and before line 275, so users encounter the guidance before seeing volume mount examples:

 We strongly recommend using Akeyless Gateway over TLS to ensure all traffic is encrypted in transit.
 Note that when you enable TLS, you must provide a TLS certificate and a TLS private key in PEM format.

+> ⚠️ **Warning:**
+>
+> Use mounted TLS certificate and key files only for initial bootstrap when required. For ongoing Gateway configuration updates, use the [Gateway Configuration Manager](https://docs.akeyless.io/docs/configure-gateway) or the [Akeyless CLI](https://docs.akeyless.io/docs/cli-reference-gateway) to reduce configuration drift and avoid TLS misconfiguration.
+
 ```shell
 docker run -d -p 8000:8000 -p 5696:5696 -e GATEWAY_ACCESS_ID="your-access-id" -e GATEWAY_ACCESS_KEY="matching-access-key" -e ENABLE_TLS="true" -e ENABLE_TLS_CONFIGURE="true" -e ENABLE_TLS_CURL="true" -e ENABLE_TLS_HVP="true" -e MIN_TLS_VERSION="TLSv1.3" -v $PWD/cert.crt:/home/akeyless/.akeyless/akeyless-api-cert.crt -v $PWD/key.pem:/home/akeyless/.akeyless/akeyless-api-cert.key --name akeyless-gw akeyless/base:latest-akeyless
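
Review bot: The added warning says "For ongoing Gateway configuration updates", which is broader than the TLS section it now introduces; because it sits directly above a `docker run` that mounts `cert.crt` and `key.pem`, wording such as "For ongoing TLS certificate updates" tells the reader exactly which setting to change through the Gateway Configuration Manager or the CLI instead of remounting files. While this example is being touched, consider whether both `-v` mounts can carry `:ro`, if the Gateway only reads those files, so the bootstrap key is not writable from inside the container.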

Then remove the warning from its current position (lines 301-303) and adjust line 299 to read:

-With the following parameters, you can mount the TLS certificate and the TLS private key from the present working directory to the Gateway target directory:
-
-> ⚠️ **Warning:**
->
-> Use mounted TLS certificate and key files only for initial bootstrap when required. For ongoing Gateway configuration updates, use the [Gateway Configuration Manager](https://docs.akeyless.io/docs/configure-gateway) or the [Akeyless CLI](https://docs.akeyless.io/docs/cli-reference-gateway) to reduce configuration drift and avoid TLS misconfiguration.
-
+The above examples use the following volume mount parameters to provide the TLS certificate and private key from the present working directory to the Gateway target directory:
+
 * `-v $PWD/cert.crt:/home/akeyless/.akeyless/akeyless-api-cert.crt`
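
Review bot: The replacement sentence "The above examples use the following volume mount parameters" only works while the examples stay directly above it; name them instead, for instance "The TLS `docker run` examples in this section use ...", so the list of `-v` parameters still reads correctly if content is reordered again. This hunk also deletes the warning from its current position, so it needs to land together with the insertion in the earlier hunk, otherwise the page loses the bootstrap-only guidance altogether.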
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/Akeyless`
Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md
around lines 301 - 303, Move the existing warning block about using mounted TLS
cert/key files (the "⚠️ Warning" paragraph) so it appears immediately before the
first Docker run code example that demonstrates volume mounts (i.e., insert the
warning after the paragraph that ends at line 273 and before the example
starting at line 275), and remove the duplicated warning at its current location
(lines ~301-303); keep the warning text unchanged but update surrounding text if
needed so the flow presents the guidance before the volume-mount example.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/Akeyless`
Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md:
- Around line 301-303: Move the existing warning block about using mounted TLS
cert/key files (the "⚠️ Warning" paragraph) so it appears immediately before the
first Docker run code example that demonstrates volume mounts (i.e., insert the
warning after the paragraph that ends at line 273 and before the example
starting at line 275), and remove the duplicated warning at its current location
(lines ~301-303); keep the warning text unchanged but update surrounding text if
needed so the flow presents the guidance before the volume-mount example.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 66557ec5-91c1-429a-930a-59b836e0f3a5

📥 Commits

Reviewing files that changed from the base of the PR and between 7853ab0 and 0c38e22.

📒 Files selected for processing (17)
  • .github/markdownlint/.markdownlint-cli2.yaml
  • custom_blocks/GatewayConfigManagementNote.md
  • docs/Akeyless Gateway/configure-gateway/gateway-authentication-and-access.md
  • docs/Akeyless Gateway/configure-gateway/gateway-automatic-migration.md
  • docs/Akeyless Gateway/configure-gateway/gateway-caching/cluster-cache-ha.md
  • docs/Akeyless Gateway/configure-gateway/gateway-caching/cluster-cache-standalone.md
  • docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md
  • docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md
  • docs/Akeyless Gateway/configure-gateway/gateway-caching/runtime-caching.md
  • docs/Akeyless Gateway/configure-gateway/gateway-certificate-store.md
  • docs/Akeyless Gateway/configure-gateway/gateway-hsm-integration.md
  • docs/Akeyless Gateway/configure-gateway/gateway-log-forwarding.md
  • docs/Akeyless Gateway/configure-gateway/gateway-pqc-support-reference.md
  • docs/Akeyless Gateway/configure-gateway/gateway-tls-settings.md
  • docs/Akeyless Gateway/configure-gateway/gateway-zero-knowledge.md
  • docs/Akeyless Gateway/configure-gateway/index.md
  • docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md

@harrison-akeyless harrison-akeyless marked this pull request as draft May 19, 2026 14:44
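
A pre-flight check for the certificate and key before they are bind-mounted as in the `docker run` example quoted in the review above, as an added example that is not part of the PR or of the Akeyless docs: it confirms that both files parse as PEM, that the key belongs to the certificate, and that the certificate is not about to expire. The helper name `check_tls_pair` and the 30-day default are assumptions, and the `openssl` CLI must be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the TLS files that the quoted
# `docker run` example bind-mounts (cert.crt and key.pem).
# check_tls_pair is a hypothetical helper name; requires the openssl CLI.
#
# Return codes: 0 ok, 2 cert is not PEM, 3 key is not usable PEM,
#               4 key does not match cert, 5 cert expires too soon.
check_tls_pair() {
    cert=$1; key=$2; min_days=${3:-30}   # 30-day default is an assumption

    # The certificate must parse as PEM X.509.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "FAIL: $cert is not a PEM certificate" >&2; return 2; }

    # The key must parse as an unencrypted PEM private key; the empty
    # -passin stops openssl from prompting when the key is encrypted.
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null || {
        echo "FAIL: $key is not an unencrypted PEM private key" >&2; return 3; }

    # The public key in the certificate must equal the public key
    # derived from the private key, otherwise the TLS listener cannot start.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not belong to $cert" >&2; return 4; }

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "FAIL: $cert expires within $min_days days" >&2; return 5; }

    echo "OK: $cert and $key match and are valid for at least $min_days days"
}

# Stand-alone use: sh check_tls_pair.sh cert.crt key.pem [min_days]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Run it from the directory that holds `cert.crt` and `key.pem` before starting the container; a non-zero exit code identifies which check failed.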