Encrypt: Encrypt using a static key - Policy

Encrypt using a static key

Encrypt a message value using a static key.

The static key must be a secret reference to a 256-bit (32-byte) base64-encoded string, or the key itself as a string. We recommend using secret references to avoid exposing sensitive data in your configuration.

Prerequisites

A static key named my-static-key.
A corresponding Decrypt policy.

Set up the policy

curl -X POST https://{region}.api.konghq.com/v1/event-gateways/{eventGatewayId}/virtual-clusters/{virtualClusterId}/produce-policies \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "encrypt-static-key",
      "type": "encrypt",
      "config": {
        "failure_mode": "error",
        "part_of_record": [
          "value"
        ],
        "encryption_key": {
          "type": "static",
          "key": {
            "name": "my-static-key"
          }
        }
      }
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
virtualClusterId: The id of the Virtual Cluster.
eventGatewayId: The id of the Event Gateway.
eventGatewayListenerId: The id of the Event Gateway Listener.

See the Konnect Event Gateway API reference to learn about region-specific URLs and personal access tokens.

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect-beta = {
      source  = "kong/konnect-beta"
    }
  }
}

provider "konnect-beta" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

Add the following to your Terraform configuration:

resource "konnect_event_gateway_produce_policy_encrypt" "my_virtual_cluster_policy_encrypt" {
  provider = konnect-beta
  type = "encrypt"
  config = {
    failure_mode = "error"
    part_of_record = ["value"]

    encryption_key = {
      type = "static"

      key = {
        name = "my-static-key"
      }
    }
  }


  virtual_cluster_id = konnect_event_gateway_virtual_cluster.my_virtual_cluster.id

  gateway_id = konnect_event_gateway.my_event_gateway.id
}

Copied!

The following example creates a new encrypt policy.

Add this snippet to an event_gateways resource in your declarative configuration file, and then manage it with kongctl:

event_gateway_policy.yaml

Copied!

event_gateways:
  - ref: eventGatewayName
    name: eventGatewayName
    virtual_clusters:
    - ref: virtualClusterName
      name: virtualClusterName
      produce_policies:
      - ref: encrypt-static-key
        type: encrypt
        encrypt:
          name: encrypt-static-key
          config:
            failure_mode: error
            part_of_record:
            - value
            encryption_key:
              type: static
              key:
                name: my-static-key

Make sure to replace the following placeholders with your own values:

eventGatewayName: The name of your Event Gateway.
virtualClusterName: The name of the Virtual Cluster.

Encrypt

Encrypt using a static key

Prerequisites

Set up the policy

Help us make these docs great!

Still need help?