Enable Basic Auth for Kong Manager

Enable basic authentication on a Kong Manager instance.

Prerequisites

You have super admin permissions or a user that has /admins and /rbac read and write access.

Set up basic authentication

  1. In kong.conf, configure the following properties:

    1. enforce_rbac = on
    2. admin_gui_auth = basic-auth
    3. admin_gui_session_conf = { "secret":"set-your-string-here" }

    This enables RBAC, sets basic-auth as the authentication method, and creates a session secret.

    Kong Manager uses the Sessions plugin in the background. This plugin (configured with admin_gui_session_conf) requires a secret and is configured securely by default.

    • Under all circumstances, the secret must be manually set to a string.
    • If using HTTP instead of HTTPS, cookie_secure must be manually set to false.
    • If using different domains for the Admin API and Kong Manager, cookie_same_site must be set to Lax.

    Learn more about these properties in Session Security in Kong Manager, and see example configurations.

  2. Start or reload Kong and point to the kong.conf file:

    1. kong start [-c /path/to/kong/conf]
  3. Choose one of the following options:

    • If you created a super admin via database migration, log in to Kong Manager with the username kong_admin and the password set in the environment variable.

    • If you created a super admin via the Kong Manager Teams tab as described in How to Create a Super Admin, log in with the credentials you created after accepting the email invitation.