Konnect Config Store
You can store your sensitive data directly in Konnect via the Konnect Config Store. Konnect Config Store is scoped to a control plane today and works directly with Gateway’s Vaults entity in Gateway Manager to easily manage security and governance policies. Konnect Config Store is built with security in mind such that once a secret is stored in Konnect, you cannot view the value again. This ensures that sensitive data is not visible in plain text anywhere.
Configure the Konnect config store
Reference Konnect Config Store secrets
You can now store secrets in the Konnect Config Store and reference them throughout the control plane. For instance, a secret in the Konnect Config Store named secret-name
can hold multiple key-value pairs:
{
"foo": "bar",
"snip": "snap"
}
To make these secrets accessible to Kong Gateway, reference the environment variables using a specific URL format. For the example above, the references would be:
{vault://konnect/secret-name/foo}
{vault://konnect/secret-name/snip}
This allows Kong Gateway to recognize and retrieve the stored secrets.
Supported fields
Parameter | Field Name | Description |
---|---|---|
vaults.description |
Description | An optional description for your vault. |
vaults.name |
Name | The type of vault. Accepts one of: konnect , env , gcp , aws , or hcv . |
vaults.prefix |
Prefix | The reference prefix. You need this prefix to access secrets stored in this vault. For example, {vault://konnect-vault/<some-secret>} . |