Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 1.19.x (latest)
  • 1.18.x
  • 1.17.x
  • 1.16.x
  • 1.15.x
  • 1.14.x
  • 1.13.x
  • 1.12.x
  • 1.11.x
  • 1.10.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • pre-1.7
    • Terminology
    • Architecture
    • Compatibility Promise
    • Getting Started with decK
    • Backup and Restore
    • Upgrade to Kong Gateway 3.x
    • Configuration as Code and GitOps
    • Distributed Configuration
    • Best Practices
    • Using decK with Kong Gateway (Enterprise)
    • Using decK with Konnect
    • Run decK with Docker
    • Using Multiple Files to Store Configuration
    • De-duplicate Plugin Configuration
    • Set Up Object Defaults
      • Overview
      • Secret Management with decK
      • Using Environment Variables with decK
    • Entities Managed by decK
      • deck completion
      • deck convert
      • deck diff
      • deck dump
      • deck ping
      • deck reset
      • deck sync
      • deck validate
      • deck version

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

decK
1.16.x
  • Home
  • decK
  • Guides
  • Security
  • Securing sensitive data
You are browsing documentation for an outdated version. See the latest documentation here.

Securing sensitive data

With decK, you can manage sensitive values such as credentials or certificates using one of the following options:

Option Description Why use this method?
decK environment variables Store values as environment variables and access them directly through decK. • You can use this option for environment-specific values.

• This method can store any configuration values used by Kong Gateway entities.

• Available for all Kong Gateway packages: open-source, Enterprise Free mode, and Enterprise licensed mode.
Secrets in Kong Gateway Store values as secrets in a vault, then reference the secrets with a vault reference. In this case, the Kong Gateway data plane manages the secrets with a vaults entity.
The environment variable vault can be used in Free mode without a license, while all other vault backends require a license.
• Is a secure way to manage sensitive information in one of the following vaults: AWS, GCP, HashiCorp Vault, or environment variables.

• You can use secrets to store many sensitive values, including parameters in Kong’s configuration (kong.conf). See Secrets Management in Kong Gateway for a full list.

• Secrets management is only available for Kong Gateway Enterprise packages. It is not available for open-source Kong Gateway.
Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023