旧バージョンのドキュメントを参照しています。最新のドキュメントはこちらをご参照ください。

Using environment variables with decK

When you use decK to apply configurations to Kong Gateway, decK reads data in plain text from a state file by default. To improve security, you can also store sensitive information, for example apiKey or client_secret, in environment variables. decK can then read data directly from the environment variables and apply it.

Create environment variables with the DECK_ prefix and reference them as ${{ env "DECK_*" }} in your state file.

For storing Kong Gateway secrets in environment variables, see Secrets Management with decK. The reference format for secrets is not the same as references for environment variables used by decK.

The following example demonstrates how to apply an API key stored in an environment variable. You can use this method for any sensitive content.

Create an environment variable:
```
 export DECK_API_KEY={YOUR_API_KEY}
```

Save the following snippet into a env-demo.yaml file:

 _format_version: "3.0"
 consumers:
 - keyauth_credentials:
   - key: ${{ env "DECK_API_KEY" }}
   username: demo
   id: 36718320-e67d-4162-8b50-aa685e06c64c
 plugins:
 - config:
     anonymous: null
     hide_credentials: false
     key_in_body: false
     key_in_header: true
     key_in_query: true
     key_names:
     - apikey
     run_on_preflight: true
   enabled: true
   name: key-auth
   protocols:
   - grpc
   - grpcs
   - http
   - https

This snippet enables the key authentication plugin globally and creates a consumer named demo with an API key.

Run the following command to sync this file:

 deck sync -s env-demo.yaml

The output should look something like this, where abc is the API key stored in the environment variable:

 creating consumer demo
 creating key-auth abc for consumer 36718320-e67d-4162-8b50-aa685e06c64c
 creating plugin key-auth (global)
 Summary:
   Created: 3
   Updated: 0
   Deleted: 0