decK
1.19.x (latest)

Securing sensitive data

With decK, you can manage sensitive values such as credentials or certificates using one of the following options:

Option: decK environment variables
Description: Store values as environment variables and access them directly through decK.
Why use this method?
  • You can use this option for environment-specific values.
  • This method can store any configuration values used by Kong Gateway entities.
  • Available for all Kong Gateway packages: open-source, Enterprise Free mode, and Enterprise licensed mode.

Option: Secrets in Kong Gateway
Description: Store values as secrets in a vault, then reference the secrets with a vault reference. In this case, the Kong Gateway data plane manages the secrets with a vaults entity. The environment variable vault can be used in Free mode without a license, while all other vault backends require a license.
Why use this method?
  • Is a secure way to manage sensitive information in one of the following vaults: AWS, GCP, HashiCorp Vault, or environment variables.
  • You can use secrets to store many sensitive values, including parameters in Kong’s configuration (kong.conf). See Secrets Management in Kong Gateway for a full list.
  • Secrets management is only available for Kong Gateway Enterprise packages. It is not available for open-source Kong Gateway.
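
A check you can run over a decK state file before committing it, to confirm that sensitive fields use one of the two options above instead of a literal value. This is an added example, not code from the Kong documentation; the list of sensitive field names and the sample state file are assumptions made for illustration.

```python
import re

# Assumption: field names treated as sensitive; extend for the plugins you use.
SENSITIVE_KEYS = {"key", "password", "secret", "client_secret", "redis_password"}

# decK substitutes ${{ env "DECK_*" }} when it runs (it only reads variables
# prefixed with DECK_); Kong Gateway resolves {vault://...} on the data plane.
ENV_REF = re.compile(r'^\$\{\{\s*env\s+"DECK_[A-Za-z0-9_]+"\s*\}\}$')
VAULT_REF = re.compile(r'^\{vault://[^{}\s]+\}$')
FIELD = re.compile(r'^\s*(?:-\s+)?([A-Za-z_][\w-]*):\s*(.+?)\s*$')


def find_plaintext_secrets(state_text):
    """Return (line_number, key) for sensitive fields holding literal values."""
    findings = []
    for number, line in enumerate(state_text.splitlines(), start=1):
        match = FIELD.match(line)
        if match is None or match.group(1) not in SENSITIVE_KEYS:
            continue
        value = match.group(2).strip("'\"")  # drop YAML quoting
        if ENV_REF.match(value) or VAULT_REF.match(value):
            continue  # value is supplied at run time, not stored in the file
        findings.append((number, match.group(1)))
    return findings


# Constructed sample state file, not taken from the Kong documentation.
SAMPLE = '''\
_format_version: "3.0"
consumers:
- username: billing
  keyauth_credentials:
  - key: s3cr3t-literal-value
- username: reports
  keyauth_credentials:
  - key: ${{ env "DECK_REPORTS_API_KEY" }}
plugins:
- name: rate-limiting
  config:
    redis_password: "{vault://env/redis-password}"
'''

if __name__ == "__main__":
    for number, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: '{key}' is stored as a literal value")
```

The check is line-based and does not parse YAML, so it suits simple state files and pre-commit use; multi-line values need a real YAML parser.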
© Kong Inc. 2023