You are browsing documentation for an outdated version. See the
latest documentation here.
Securing sensitive data
With decK, you can manage sensitive values such as credentials or certificates
using one of the following options:
||Why use this method?
|decK environment variables
||Store values as environment variables and access them directly through decK.
||• You can use this option for environment-specific values.
• This method can store any configuration values used by Kong Gateway entities.
• Available for all Kong Gateway packages: open-source, Enterprise Free mode, and Enterprise licensed mode.
|Secrets in Kong Gateway
||Store values as secrets in a vault, then reference the secrets with a
vault reference. In this case, the Kong Gateway data plane manages the secrets with a
The environment variable vault can be used in Free mode without a license, while all other vault backends require a license.
|• Is a secure way to manage sensitive information in one of the following vaults: AWS, GCP, HashiCorp Vault, or environment variables.
• You can use secrets to store many sensitive values, including parameters in Kong’s configuration (
kong.conf). See Secrets Management in Kong Gateway for a full list.
• Secrets management is only available for Kong Gateway Enterprise packages. It is not available for open-source Kong Gateway.