Anonymize high-risk PII categories with custom patternsv3.10+
Configure the plugin to anonymize high-risk PII categories (email, phone, SSN, and credit cards) along with custom patterns for sensitive tokens.
Prerequisites
-
You have enabled the AI Proxy or AI Proxy Advanced plugin
-
You have pulled and run an AI PII Anonymizer service image
Environment variables
-
SANITIZER_SERVICE_HOST: The sanitizer service’s host -
SANITIZER_SERVICE_PORT: The sanitizer service’s port
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-sanitizer
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: ${{ env "DECK_SANITIZER_SERVICE_PORT" }}
host: ${{ env "DECK_SANITIZER_SERVICE_HOST" }}
redact_type: placeholder
stop_on_error: true
recover_redacted: false
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: ai-sanitizer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: '$SANITIZER_SERVICE_PORT'
host: '$SANITIZER_SERVICE_HOST'
redact_type: placeholder
stop_on_error: true
recover_redacted: false
plugin: ai-sanitizer
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_sanitizer" "my_ai_sanitizer" {
enabled = true
config = {
anonymize = ["email", "phone", "ssn", "creditcard", "custom"]
custom_patterns = [
{
name = "aws_api_key"
regex = "AKIA[0-9A-Z]{16}"
score = 0.95
},
{
name = "github_token"
regex = "ghp_[A-Za-z0-9]{36}"
score = 0.9
},
{
name = "jwt_token"
regex = "eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+"
score = 0.85
} ]
port = var.sanitizer_service_port
host = var.sanitizer_service_host
redact_type = "placeholder"
stop_on_error = true
recover_redacted = false
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "sanitizer_service_port" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-sanitizer
service: serviceName|Id
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: ${{ env "DECK_SANITIZER_SERVICE_PORT" }}
host: ${{ env "DECK_SANITIZER_SERVICE_HOST" }}
redact_type: placeholder
stop_on_error: true
recover_redacted: false
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-sanitizer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: '$SANITIZER_SERVICE_PORT'
host: '$SANITIZER_SERVICE_HOST'
redact_type: placeholder
stop_on_error: true
recover_redacted: false
plugin: ai-sanitizer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=ai-sanitizer
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_sanitizer" "my_ai_sanitizer" {
enabled = true
config = {
anonymize = ["email", "phone", "ssn", "creditcard", "custom"]
custom_patterns = [
{
name = "aws_api_key"
regex = "AKIA[0-9A-Z]{16}"
score = 0.95
},
{
name = "github_token"
regex = "ghp_[A-Za-z0-9]{36}"
score = 0.9
},
{
name = "jwt_token"
regex = "eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+"
score = 0.85
} ]
port = var.sanitizer_service_port
host = var.sanitizer_service_host
redact_type = "placeholder"
stop_on_error = true
recover_redacted = false
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "sanitizer_service_port" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-sanitizer
route: routeName|Id
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: ${{ env "DECK_SANITIZER_SERVICE_PORT" }}
host: ${{ env "DECK_SANITIZER_SERVICE_HOST" }}
redact_type: placeholder
stop_on_error: true
recover_redacted: false
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-sanitizer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: '$SANITIZER_SERVICE_PORT'
host: '$SANITIZER_SERVICE_HOST'
redact_type: placeholder
stop_on_error: true
recover_redacted: false
plugin: ai-sanitizer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=ai-sanitizer
kubectl annotate -n kong ingress konghq.com/plugins=ai-sanitizer
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_sanitizer" "my_ai_sanitizer" {
enabled = true
config = {
anonymize = ["email", "phone", "ssn", "creditcard", "custom"]
custom_patterns = [
{
name = "aws_api_key"
regex = "AKIA[0-9A-Z]{16}"
score = 0.95
},
{
name = "github_token"
regex = "ghp_[A-Za-z0-9]{36}"
score = 0.9
},
{
name = "jwt_token"
regex = "eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+"
score = 0.85
} ]
port = var.sanitizer_service_port
host = var.sanitizer_service_host
redact_type = "placeholder"
stop_on_error = true
recover_redacted = false
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "sanitizer_service_port" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-sanitizer
consumer: consumerName|Id
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: ${{ env "DECK_SANITIZER_SERVICE_PORT" }}
host: ${{ env "DECK_SANITIZER_SERVICE_HOST" }}
redact_type: placeholder
stop_on_error: true
recover_redacted: false
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumers/{consumerId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
consumerId: Theidof the consumer the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-sanitizer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: '$SANITIZER_SERVICE_PORT'
host: '$SANITIZER_SERVICE_HOST'
redact_type: placeholder
stop_on_error: true
recover_redacted: false
plugin: ai-sanitizer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the KongConsumer resource:
kubectl annotate -n kong CONSUMER_NAME konghq.com/plugins=ai-sanitizer
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_sanitizer" "my_ai_sanitizer" {
enabled = true
config = {
anonymize = ["email", "phone", "ssn", "creditcard", "custom"]
custom_patterns = [
{
name = "aws_api_key"
regex = "AKIA[0-9A-Z]{16}"
score = 0.95
},
{
name = "github_token"
regex = "ghp_[A-Za-z0-9]{36}"
score = 0.9
},
{
name = "jwt_token"
regex = "eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+"
score = 0.85
} ]
port = var.sanitizer_service_port
host = var.sanitizer_service_host
redact_type = "placeholder"
stop_on_error = true
recover_redacted = false
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer = {
id = konnect_gateway_consumer.my_consumer.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "sanitizer_service_port" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: ai-sanitizer
consumer_group: consumerGroupName|Id
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: ${{ env "DECK_SANITIZER_SERVICE_PORT" }}
host: ${{ env "DECK_SANITIZER_SERVICE_HOST" }}
redact_type: placeholder
stop_on_error: true
recover_redacted: false
Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumer_groups/{consumerGroupName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumer_groups/{consumerGroupId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "ai-sanitizer",
"config": {
"anonymize": [
"email",
"phone",
"ssn",
"creditcard",
"custom"
],
"custom_patterns": [
{
"name": "aws_api_key",
"regex": "AKIA[0-9A-Z]{16}",
"score": 0.95
},
{
"name": "github_token",
"regex": "ghp_[A-Za-z0-9]{36}",
"score": 0.9
},
{
"name": "jwt_token",
"regex": "eyJ[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+",
"score": 0.85
}
],
"port": "'$SANITIZER_SERVICE_PORT'",
"host": "'$SANITIZER_SERVICE_HOST'",
"redact_type": "placeholder",
"stop_on_error": true,
"recover_redacted": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
consumerGroupId: Theidof the consumer group the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ai-sanitizer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
anonymize:
- email
- phone
- ssn
- creditcard
- custom
custom_patterns:
- name: aws_api_key
regex: AKIA[0-9A-Z]{16}
score: 0.95
- name: github_token
regex: ghp_[A-Za-z0-9]{36}
score: 0.9
- name: jwt_token
regex: eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+
score: 0.85
port: '$SANITIZER_SERVICE_PORT'
host: '$SANITIZER_SERVICE_HOST'
redact_type: placeholder
stop_on_error: true
recover_redacted: false
plugin: ai-sanitizer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the KongConsumerGroup resource:
kubectl annotate -n kong CONSUMERGROUP_NAME konghq.com/plugins=ai-sanitizer
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_ai_sanitizer" "my_ai_sanitizer" {
enabled = true
config = {
anonymize = ["email", "phone", "ssn", "creditcard", "custom"]
custom_patterns = [
{
name = "aws_api_key"
regex = "AKIA[0-9A-Z]{16}"
score = 0.95
},
{
name = "github_token"
regex = "ghp_[A-Za-z0-9]{36}"
score = 0.9
},
{
name = "jwt_token"
regex = "eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+"
score = 0.85
} ]
port = var.sanitizer_service_port
host = var.sanitizer_service_host
redact_type = "placeholder"
stop_on_error = true
recover_redacted = false
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer_group = {
id = konnect_gateway_consumer_group.my_consumer_group.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "sanitizer_service_port" {
type = string
}