You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Following credential types can be created in Kong, that are associated with a consumer in Kong:
key-auth
hmac-auth
basic-auth
jwt
acl
Currently, decK cannot manage these plugin specific entities.
While key-auth, jwt and hmac-auth store credential in plain-text and return them, basic-auth plugin hashes the password. This results in a hash being returned on the Admin API. In such a situation, the credential cannot be compared for a diff and updated if it is out of sync. It is not clear the path that Kong will take in future and if other credentials and secrets will also be hashed or encrypted or both.
There are a couple of solutions possible:
Add support for the 3 credentials that are in plain-text today and then later if Kong hashes them, drop support for them.
Add support for all credentials, but then warn users that update operation is not supported, meaning deck will take care of creating a credential if one doesn't exist, but will not diff them to apply them again. There can be an annotation on a credential which can force a resync, meaning, the credential will be PUT. This will result in PUT request to credentials in every sync.
In either of the solution, hashed information can not be exported from Kong.
The text was updated successfully, but these errors were encountered:
I think you should follow what Kongfig does. I am guessing Kongfig doesn't support update of credentials.
Either way would you be able to give a timeline of when this will be available for public use?
Either way would you be able to give a timeline of when this will be available for public use?
Expect this to be out sometime in late August to mid-September along with a few other features cool features like easier integrations with Kong Enterprise, multiple file support, doc updates around features released in last couple releases.
Following credential types can be created in Kong, that are associated with a consumer in Kong:
Currently, decK cannot manage these plugin specific entities.
While key-auth, jwt and hmac-auth store credential in plain-text and return them, basic-auth plugin hashes the password. This results in a hash being returned on the Admin API. In such a situation, the credential cannot be compared for a diff and updated if it is out of sync. It is not clear the path that Kong will take in future and if other credentials and secrets will also be hashed or encrypted or both.
There are a couple of solutions possible:
PUT
. This will result in PUT request to credentials in every sync.In either of the solution, hashed information can not be exported from Kong.
The text was updated successfully, but these errors were encountered: