Advanced Secrets Configuration
This feature is released as and should not be deployed in a production environment.
Vault implementations offer a variety of advanced configuration options.
You can configure your vault backend with query arguments.
For example, the following query uses an option called
prefix with the value
For more information on available configuration options,
refer to respective vault backend documentation.
You can configure your vault backend with
KONG_VAULT_<vault-backend>_<config_opt> environment variables.
For example, Kong Gateway might look for an environment variable that matches
You can configure your vault backend using the
For the beta release of this feature, the endpoint is
http PUT :8001/vaults-beta/my-env-vault \
description="ENV vault for secrets" \
This lets you drop the configuration from environment variables and query arguments and use the entity name in the reference.
For more information, see the section on the Vaults entity.
Beta warning: In the beta release, only the
kong vault get command is supported.
Usage: kong vault COMMAND [OPTIONS]
Vault utilities for Kong.
TEST=hello kong vault get env/test
The available commands are:
get <reference> Retrieves a value for <reference>
The API endpoint is suffixed with
-beta to avoid any possible conflicts. This will be
changed in the future. Kong Manager has currently no supports for configuring vault entities.
The Vault entity can only be used once the database is initialized. Secrets for values that are used before the database is initialized can’t make use of the Vaults entity.
Create a Vault entity:
"description": "ENV vault for secrets",
Config options depend on the associated backend used.