Securing sensitive data
With decK, you can manage sensitive values such as credentials or certificates
using one of the following options:
||Why use this method?
|decK environment variables
||Store values as environment variables and access them directly through decK.
||• You can use this option for environment-specific values.
• This method can store any configuration values used by Kong Gateway entities.
• Available for all Kong Gateway packages: open-source, Enterprise Free mode, and Enterprise licensed mode.
|Secrets in Kong Gateway
||Store values as secrets in a vault, then reference the secrets with a
vault reference. In this case, the Kong Gateway data plane manages the secrets with a
The environment variable vault can be used in Free mode without a license, while all other vault backends require a license.
|• Is a secure way to manage sensitive information in one of the following vaults: AWS, GCP, HashiCorp Vault, or environment variables.
• You can use secrets to store many sensitive values, including parameters in Kong’s configuration (
kong.conf). See Secrets Management in Kong Gateway for a full list.
• Secrets management is only available for Kong Gateway Enterprise packages. It is not available for open-source Kong Gateway.