Create a Vault
Uses:
Kong Gateway Operator
Related Documentation
Incompatible with
on-prem
Tags
Related Resources
TL;DR
Define a KongVault resource and associate it with your KonnectGatewayControlPlane to manage secrets using a configured backend.
Prerequisites
Kong Konnect
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'Copied to clipboard!
Create a KongVault
Use the KongVault resource to provision a Vault in Konnect. The Vault defines a secure configuration backend. Your KongVault must be associated with a KonnectGatewayControlPlane object that you’ve created in your cluster.
echo '
kind: KongVault
apiVersion: configuration.konghq.com/v1alpha1
metadata:
name: env-vault
namespace: kong
spec:
backend: env
prefix: env-vault
config:
prefix: env-vault
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: gateway-control-plane
namespace: kong
' | kubectl apply -f -
Copied to clipboard!
Validation
Check that Programmed is True on the env-vault resource:
You can verify the KongVault was reconciled successfully by checking its Programmed condition.
kubectl get -n kong kongvault env-vault \
-o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
Copied to clipboard!
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}
Copied to clipboard!