Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
OverviewGateway Setup For IdesAccess Keys For Ides
VS Code
Vscode Github CopilotVscode ContinueVscode CodyVscode Custom Extensions
JetBrains
Jetbrains AI AssistantJetbrains ContinueJetbrains Custom Plugins
Other IDEs
CursorWindsurfNeovimZedXcodeEmacs
Team & Operations
Hosted Gateway For TeamsPolicies For Ide TrafficMonitoring Ide UsageTroubleshooting
Third-Party Integrations
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Setting Up the Gateway for IDE Use

This guide walks you through preparing the Keeptrusts gateway to handle traffic from your IDE AI assistant. After completing these steps, your gateway accepts OpenAI-compatible requests on http://localhost:41002/v1.

Use this page when

  • You are working through Setting Up the Gateway for IDE Use as an implementation or operating workflow in Keeptrusts.
  • You need the practical steps, expected outcomes, and related validation guidance in one place.
  • If you need exact field-by-field reference instead of a workflow page, use the linked reference pages in Next steps.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Install the kt CLI

Choose your platform:

macOS (Homebrew)

brew tap keeptrusts/tap
brew install keeptrusts

Linux (deb)

curl -fsSL https://releases.keeptrusts.com/deb/keeptrusts.gpg | sudo gpg --dearmor -o /usr/share/keyrings/keeptrusts.gpg
echo "deb [signed-by=/usr/share/keyrings/keeptrusts.gpg] https://releases.keeptrusts.com/deb stable main" | sudo tee /etc/apt/sources.list.d/keeptrusts.list
sudo apt update && sudo apt install keeptrusts

Linux (rpm)

sudo rpm --import https://releases.keeptrusts.com/rpm/keeptrusts.gpg
sudo dnf config-manager --add-repo https://releases.keeptrusts.com/rpm/keeptrusts.repo
sudo dnf install keeptrusts

Direct Download

Download the binary for your platform from the releases page and place it on your PATH.

Verify Installation

kt --version

Initialize a Policy Config

Run kt init to generate a starter policy-config.yaml in your current directory:

kt init

This creates a config file with sensible defaults. You can customize it later to add policies for redaction, blocking, or escalation.

Configure Provider Credentials

The gateway needs credentials to forward requests to your LLM provider. Set the appropriate environment variable for your provider:

# OpenAI
export OPENAI_API_KEY="sk-..."

# Anthropic
export ANTHROPIC_API_KEY="sk-ant-..."

# Azure OpenAI
export AZURE_OPENAI_API_KEY="..."
export AZURE_OPENAI_ENDPOINT="https://your-resource.openai.azure.com"

# Google (Gemini)
export GOOGLE_API_KEY="..."

In your policy-config.yaml, reference the credential using object-form secret_key_ref:

pack:
  name: gateway-setup-for-ides
  version: 0.1.0
  enabled: true
providers:
  targets:
    - id: openai-primary
      provider: openai
      model: gpt-4o
      base_url: https://api.openai.com
      secret_key_ref:
        env: OPENAI_API_KEY
policies:
  chain:
    - audit-logger
policy:
  audit-logger:
    retention_days: 30

The gateway reads the environment variable at runtime through secret_key_ref.env. Never hard-code API keys in the config file.

Start the Gateway

kt gateway run \
  --listen 127.0.0.1:41002 \
  --policy-config policy-config.yaml

In this IDE-focused setup, the command above binds the gateway to 127.0.0.1:41002. You should see output confirming the port and loaded policies:

[INFO] Gateway listening on 127.0.0.1:41002
[INFO] Loaded policy config: policy-config.yaml
[INFO] Providers: openai
[INFO] Policies: 1

Verify the Gateway

Confirm the gateway is running and can reach your provider:

curl http://localhost:41002/v1/models

You should see a JSON response listing available models. If you get a connection error, check that the gateway process is running.

Choose a Listen Address

For IDE traffic, prefer binding the gateway to 127.0.0.1:41002, which only accepts connections from your local machine.

Binding to All Interfaces

If you run the gateway on a remote development machine (SSH, cloud VM, Codespaces), bind to all interfaces:

kt gateway run --policy-config policy-config.yaml --listen 0.0.0.0:41002
warning

Binding to 0.0.0.0 exposes the gateway on your network. Always use TLS and access keys when binding to non-localhost addresses.

Custom Port

Change the port if 41002 conflicts with another service:

kt gateway run --policy-config policy-config.yaml --listen 127.0.0.1:8080

Update your IDE assistant configuration to match the new port.

Set Up TLS for Remote Access

When exposing the gateway on a network, enable TLS:

kt gateway run \
  --policy-config policy-config.yaml \
  --listen 0.0.0.0:41002 \
  --tls-cert /path/to/cert.pem \
  --tls-key /path/to/key.pem

Your IDE assistant then connects to https://your-host:41002/v1.

For development, you can generate a self-signed certificate:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Some IDE extensions require you to disable certificate verification for self-signed certs. See the per-IDE guides for details.

Verify Your Environment

Run kt doctor to check that everything is configured correctly:

kt doctor

This checks:

  • The kt binary version
  • Whether policy-config.yaml is valid
  • Whether provider credentials are set
  • Whether the gateway port is available
  • Network connectivity to configured providers

Fix any reported issues before proceeding to IDE configuration.

Running as a Background Service

For persistent use, run the gateway in the background:

# Using nohup
nohup kt gateway run --policy-config policy-config.yaml &

# Using systemd (Linux)
# Create a service file at /etc/systemd/system/keeptrusts-gateway.service

# Using launchd (macOS)
# Create a plist at ~/Library/LaunchAgents/com.keeptrusts.gateway.plist

For AI systems

  • Canonical terms: Keeptrusts, Setting Up the Gateway for IDE Use, ide-integration.
  • Exact feature, config, command, or page names: Setting Up the Gateway for IDE Use.
  • Use the linked audience and reference pages in Next steps when you need deeper source material.

For engineers

  • Use the commands, configuration examples, API payloads, or UI steps in this page as the working baseline for Setting Up the Gateway for IDE Use.
  • Validate the result with the expected outcomes, troubleshooting notes, or linked workflow pages in this page and Next steps.

For leaders

  • This page matters when planning rollout, governance, support ownership, or operating decisions for Setting Up the Gateway for IDE Use.
  • Use the linked audience, architecture, and workflow pages in Next steps to connect this detail to broader implementation choices.

Next steps

With the gateway running, configure your IDE assistant to route through it: