Skip to content
|
search
Kong Gateway
3.2.x
github-edit-pageEdit this page
report-issueReport an issue
You are browsing documentation for an outdated version. See the latest documentation here.

Keyring and Data Encryption Reference

View Keyring

Endpoint

/keyring

Response

HTTP 200 OK

{
    "active": "RfsDJ2Ol",
    "ids": [
        "RfsDJ2Ol",
        "xSD219lH"
    ]
}

View Active Key

Endpoint

/keyring/active

Response

HTTP 200 OK

{
    "id": "RfsDJ2Ol"
}

Export Keyring

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/export

Response

HTTP 200 OK

{
    "data": "<base64>..."
}

Import Exported Keyring

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/import

Request Body

Attribute Description
data Base64-encoded keyring export material.

Response

HTTP 201 Created

Import Key

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/import/raw

Request Body

Attribute Description
id 8-byte key identifier.
data Base64-encoded keyring export material.

Response

HTTP 201 Created

Recover Keyring from Database

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_recovery_public_key Kong configuration value is defined.

Endpoint

/keyring/recover

Request Body

Attribute Description
recovery_private_key The content of the private key.

Response

HTTP 200 OK

{
    "message": "successfully recovered 1 keys",
    "recovered": [
        "RfsDJ2Ol"
    ],
    "not_recovered": [
        "xSD219lH"
    ]
}

Generate New Key

This endpoint is only available with the cluster keyring strategy.

Endpoint

/keyring/generate

Response

HTTP 201 Created

{
    "id": "500pIquV",
    "key": "3I23Ben5m7qKcCA/PK7rnsNeD3kI4IPtA6ki7YjAgKA="
}

Remove Key from Keyring

This endpoint is only available with the cluster keyring strategy.

Endpoint

/keyring/remove

Request Body

Attribute Description
key 8-byte key identifier.

Response

HTTP 204 No Content

Sync Keyring with Vault Endpoint

This endpoint is only available with the vault keyring strategy.

Endpoint

/keyring/vault/sync

Response

HTTP 204 No Content