Gateway CLI

The Weaklayer Gateway Reference Implementation CLI is a program that contains the Weaklayer Gateway Reference Implementation itself as well as other sub-commands to help with administration.



The help sub-command lists all other sub-commands. Here is the output of the help sub-command.

$ weaklayer-gateway help

Welcome to Weaklayer Gateway
This program contains the Weaklayer Gateway Server and associated admin utilities
More information and documentation at

  weaklayer-gateway [flags]
  weaklayer-gateway [command]

Available Commands:
  help        Help about any command
  key         Generate an install key and corresponding verifier
  license     Display license information for this program
  secret      Generate a random 512-bit secret
  server      Run the Weaklayer Gateway Server

  -h, --help   help for weaklayer-gateway

Use "weaklayer-gateway [command] --help" for more information about a command.


The key sub-command generates an install key / verifier pair that get put into the sensor and gateway configs respectively.

$ weaklayer-gateway  key --help
Generate an install key and corresponding verifier

  weaklayer-gateway key [flags]

      --group string   Valid UUID to indentify the sensor group (default "<New Random UUID>")
  -h, --help           help for key

The key sub-command has an option for --group. This lets you create a new install key / verifier pair for an existing group. This is useful if you want to rotate install keys. Otherwise a new random UUID is generated for the group. Here is an example.

$ weaklayer-gateway key --group 68886d61-572b-41a5-8edd-93a564fb5ba3
  "key": {
    "group": "68886d61-572b-41a5-8edd-93a564fb5ba3",
    "secret": "rc7/2LoF4VdEiev9s/pXMKmJRtpN6cuJLvdMXqtYWF2uJzdskIOU67eYpjvI2AnJs9snYvNO6N7e6JIILH5jxQ==",
    "checksum": "OHrdCijHV4Go5zOCR3d63UJzWU1NSi0R9Vjf3kdKKwE="
  "verifier": {
    "group": "68886d61-572b-41a5-8edd-93a564fb5ba3",
    "salt": "1DPJow==",
    "hash": "MqeVIjhWiNIO0poSiJ/rQ85kb6CQHQxG3ZRJMe8HeGE=",
    "checksum": "53RCDG7qd5wDzPJ5EoPIaWIcKFxL/0kXCB5ip+5g6gk="

The contents of the key object should be placed in a sensor configuration and the verifier contents should be placed in a gateway configuration. By using this sub-command for install key / verifier generation, you guarantee that they will function correctly and are sufficiently random.


The license sub-command displays license information regarding the Weaklayer Gateway.


The secret sub-command generates a random 512-bit secret. This secret value is meant to be used as a token signing / verification secret in the gateway configuration.

$ weaklayer-gateway secret --help
Generate a random 512-bit secret

  weaklayer-gateway secret [flags]

  -h, --help   help for secret

Here is an example.

$ weaklayer-gateway secret
  "secret": "ijfeBHAclCb6jnck2VPnwunq+H3Erb7/hcrQF6cBOGFgu4B8JTTBdTkW8NF2Vd8cklQNmXpYOk7g4FL2T/2TaA=="


The server sub-command is use to actually run the Weaklayer Gateway.

$ weaklayer-gateway server --help
Run the Weaklayer Gateway Server

  weaklayer-gateway server [flags]

      --config string   Path to the desired config file
                        Permitted formats are YAML, JSON, TOML, HCL, envfile and Java properties config files
  -h, --help            help for server

You must provide a mandatory config file to the server sub-command. See the Gateway Configuration page for details on gateway configuration. Here is an example.

$ weaklayer-gateway-macOS-amd64 server --config example_config.json
{"level":"info","time":1597755551631773,"message":"Starting Weaklayer Gateway Server"}

The printed line is an application log sent to stderr.