Reference Format

This feature is released as and should not be deployed in a production environment.

Reference Format

We use the URL syntax to describe references to a secret store.

  1. {vault://<vault-backend|entity>/<secret-id>[/<secret-key][?query]}

Protocol/Scheme

  1. {vault://<vault-backend|entity>/<secret-id>[/<secret-key]}
  2.  ^^^^^

The vault in the URL is used as an identifier for Kong. We use this to reference a vault.

Path

  1. {vault://<vault-prefix>/<secret-id>[/<secret-key]}
  2.          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The path of the URL defines the following:

Vault Prefix

The prefix for a vault can be either the name of the backend or the name of vault entity that you created.

Examples:

  1. {vault://env/<secret-id>[/<secret-key]}
  2.          ^^^

or using a vault entity

  1. {vault://my-env-vault/<secret-id>[/<secret-key]}
  2.          ^^^^^^^^^^^^

Secret ID

The secret-id is used as an identifier in case the vault uses a nested datastructure.

Secret Key

The secret-key is used to identify the secret within the secret-id object.

Query

Query arguments are used to denote configuration options in a key=value format to the Vault Prefix