Securing sensitive data
With decK, you can manage sensitive values such as credentials or certificates using one of the following options:
|Option||Description||Why use this method?|
|decK environment variables||Store values as environment variables and access them directly through decK.||• You can use this option for environment-specific values.
• This method can store any configuration values used by Kong Gateway entities.
• Available for all Kong Gateway packages: open-source, Enterprise Free mode, and Enterprise licensed mode.
|Secrets in Kong Gateway||Store values as secrets in a vault, then reference the secrets with a
The environment variable vault can be used in Free mode without a license, while all other vault backends require a license.
|• Is a secure way to manage sensitive information in one of the following vaults: AWS, GCP, HashiCorp Vault, or environment variables.
• You can use secrets to store many sensitive values, including parameters in Kong’s configuration (
• Secrets management is only available for Kong Gateway Enterprise packages. It is not available for open-source Kong Gateway.