このページは、まだ日本語ではご利用いただけません。翻訳中です。

Konnect Config Store

You can store your sensitive data directly in Konnect via the Konnect Config Store. Konnect Config Store is scoped to a control plane today and works directly with Gateway’s Vaults entity in Gateway Manager to easily manage security and governance policies. Konnect Config Store is built with security in mind such that once a secret is stored in Konnect, you cannot view the value again. This ensures that sensitive data is not visible in plain text anywhere.

Configure the Konnect config store

curl -i -X POST https://{region}.api.konghq.com/v2/control-planes/{control-plane-id}/core-entities/vaults/ \
  --header 'Authorization: Bearer{kpat_token}' \
  --header 'Content-Type: application/json' \
  --data '{
	"name": "konnect"
}'

curl -i -X POST https://{region}.api.konghq.com/v2/control-planes/{control-plane-id}/core-entities/vaults/  \
  --header 'Authorization: Bearer {kpat_token}' \
  --header 'Content-Type: application/json' \
  --data '{
	"config":{
		"config_store_id": "7f1daa91-d386-4eb8-83c9-a78099f9c9d5"
	},
	"description": "Description of your vault",
	"name": "konnect",
	"prefix": "mysecretvault"
}'

_format_version: "3.0"
vaults:
- config:
    config_store_id: ee62068e-1843-49f8-ac22-40293b0a949d
  description: Storing secrets in Konnect
  name: konnect
  prefix: konnect-vault

Reference Konnect Config Store secrets

You can now store secrets in the Konnect Config Store and reference them throughout the control plane. For instance, a secret in the Konnect Config Store named secret-name can hold multiple key-value pairs:

{
  "foo": "bar",
  "snip": "snap"
}

To make these secrets accessible to Kong Gateway, reference the environment variables using a specific URL format. For the example above, the references would be:

{vault://konnect/secret-name/foo}
{vault://konnect/secret-name/snip}

This allows Kong Gateway to recognize and retrieve the stored secrets.

Supported fields