Skip to content
|
search
Kong Gateway
3.0.x
You are browsing documentation for an outdated version. See the latest documentation here.

Reference Format

We use the URL syntax to describe references to a secret store.

{vault://<vault-backend|entity>/<secret-id>[/<secret-key][?query]}

Protocol/Scheme

{vault://<vault-backend|entity>/<secret-id>[/<secret-key]}
 ^^^^^

The vault in the URL is used as an identifier for Kong. We use this to reference a vault.

Host/Path

{vault://<vault-prefix>/<secret-id>[/<secret-key]}
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The host and path of the URL defines the following:

Vault Prefix

The prefix for a vault can be either the name of the backend or the name of vault entity that you created.

Examples:

{vault://env/<secret-id>[/<secret-key]}
         ^^^

or using a vault entity

{vault://my-env-vault/<secret-id>[/<secret-key]}
         ^^^^^^^^^^^^

Secret ID

The secret-id is used as an identifier for a secret stored in a vault. The vault may return either a string value (a single secret) or multiple related secrets like username and password as a secret object.

Secret Key

The secret-key is used to identify the secret within the secret-id object.

Query

Query arguments are used to denote configuration options in a key=value format to the Vault Prefix