Kong Gateway
3.0.x
(latest)
Reference Format
We use the URL syntax to describe references to a secret store.
{vault://<vault-backend|entity>/<secret-id>[/<secret-key][?query]}
Protocol/Scheme
{vault://<vault-backend|entity>/<secret-id>[/<secret-key]}
^^^^^
The vault in the URL is used as an identifier for Kong. We use this to reference a vault.
Host/Path
{vault://<vault-prefix>/<secret-id>[/<secret-key]}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The host and path of the URL defines the following:
Vault Prefix
The prefix for a vault can be either the name of the backend or the name of vault entity that you created.
Examples:
{vault://env/<secret-id>[/<secret-key]}
^^^
or using a vault entity
{vault://my-env-vault/<secret-id>[/<secret-key]}
^^^^^^^^^^^^
Secret ID
The secret-id is used as an identifier for a secret stored in a vault. The vault
may return either a string value (a single secret) or multiple related secrets
like username and password as a secret object.
Secret Key
The secret-key is used to identify the secret within the secret-id object.
Query
Query arguments are used to denote configuration options in a key=value format to the Vault Prefix