Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.3.x (latest)
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this pageOn this page
  • Protocol/Scheme
  • Host/Path
  • Query
Kong Gateway
3.0.x
  • Home
  • Kong Gateway
  • Kong Enterprise
  • Secrets Management
  • Reference Format
You are browsing documentation for an outdated version. See the latest documentation here.

Reference Format

We use the URL syntax to describe references to a secret store.

{vault://<vault-backend|entity>/<secret-id>[/<secret-key][?query]}

Protocol/Scheme

{vault://<vault-backend|entity>/<secret-id>[/<secret-key]}
 ^^^^^

The vault in the URL is used as an identifier for Kong. We use this to reference a vault.

Host/Path

{vault://<vault-prefix>/<secret-id>[/<secret-key]}
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The host and path of the URL defines the following:

Vault Prefix

The prefix for a vault can be either the name of the backend or the name of vault entity that you created.

Examples:

{vault://env/<secret-id>[/<secret-key]}
         ^^^

or using a vault entity

{vault://my-env-vault/<secret-id>[/<secret-key]}
         ^^^^^^^^^^^^

Secret ID

The secret-id is used as an identifier for a secret stored in a vault. The vault may return either a string value (a single secret) or multiple related secrets like username and password as a secret object.

Secret Key

The secret-key is used to identify the secret within the secret-id object.

Query

Query arguments are used to denote configuration options in a key=value format to the Vault Prefix

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023