Enable Basic Auth for Kong Manager
Set enforce-rbac = on
, admin_gui_auth = basic-auth
, and admin_gui_session_conf = { "secret":"kong" }
in your Kong configuration file or as environment variables. Then, log in to Kong Manager with kong_admin
as your username and kong
as your password.
Set environment variables
Set the Kong Gateway license as a variable:
export KONG_LICENSE_DATA='LICENSE-CONTENTS-GO-HERE'
Start Kong Gateway
Create the Kong Gateway container and enable RBAC and basic auth. In this example, we can use the quickstart:
curl -Ls get.konghq.com/quickstart | bash -s -- -e "KONG_LICENSE_DATA" \
-e "KONG_ENFORCE_RBAC=on" \
-e "KONG_ADMIN_GUI_AUTH=basic-auth" \
-e "KONG_PASSWORD=kong" \
-e 'KONG_ADMIN_GUI_SESSION_CONF={"secret":"kong"}'
This enables RBAC, sets basic-auth
as the authentication method, and creates a session secret.
Kong Manager uses the Session plugin in the background.
This plugin (configured with admin_gui_session_conf
) requires a secret and is configured securely by default. Under all circumstances, the secret
must be manually set to a string.
For more information about the values, see the RBAC reference.
Validate
To validate that basic authentication was configured correctly for Kong Manager, navigate to the Kong Manager GUI at http://localhost:8002 and use the username (kong_admin
) and the password (kong
) you set when you created the Kong Gateway container.
To log in to Kong Manage with basic auth, you must have super admin permissions or a user that has
/admins
and/rbac
read and write access.
Cleanup
Destroy the Kong Gateway container
curl -Ls https://get.konghq.com/quickstart | bash -s -- -d