You are browsing documentation for an outdated version. See the latest documentation here.

Keyring and Data Encryption Reference

View Keyring

Endpoint

/keyring

Response

  1. HTTP 200 OK
  1. {
  2.     "active": "RfsDJ2Ol",
  3.     "ids": [
  4.         "RfsDJ2Ol",
  5.         "xSD219lH"
  6.     ]
  7. }

View Active Key

Endpoint

/keyring/active

Response

  1. HTTP 200 OK
  1. {
  2.     "id": "RfsDJ2Ol"
  3. }

Export Keyring

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/export

Response

  1. HTTP 200 OK
  1. {
  2.     "data": "<base64>..."
  3. }

Import Exported Keyring

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/import

Request Body

AttributeDescription
dataBase64-encoded keyring export material.

Response

  1. HTTP 201 Created

Import Key

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_public_key and keyring_private_key Kong configuration values are defined.

Endpoint

/keyring/import/raw

Request Body

AttributeDescription
id8-byte key identifier.
dataBase64-encoded keyring export material.

Response

  1. HTTP 201 Created

Recover Keyring from Database

This endpoint is only available with the cluster keyring strategy.

The endpoint requires that the keyring_recovery_public_key Kong configuration value is defined.

Endpoint

/keyring/recover

Request Body

AttributeDescription
recovery_private_keyThe content of the private key.

Response

  1. HTTP 200 OK
  1. {
  2.     "message": "successfully recovered 1 keys",
  3.     "recovered": [
  4.         "RfsDJ2Ol"
  5.     ],
  6.     "not_recovered": [
  7.         "xSD219lH"
  8.     ]
  9. }

Generate New Key

This endpoint is only available with the cluster keyring strategy.

Endpoint

/keyring/generate

Response

  1. HTTP 201 Created
  1. {
  2.     "id": "500pIquV",
  3.     "key": "3I23Ben5m7qKcCA/PK7rnsNeD3kI4IPtA6ki7YjAgKA="
  4. }

Remove Key from Keyring

This endpoint is only available with the cluster keyring strategy.

Endpoint

/keyring/remove

Request Body

AttributeDescription
key8-byte key identifier.

Response

  1. HTTP 204 No Content

Sync Keyring with Vault Endpoint

This endpoint is only available with the vault keyring strategy.

Endpoint

/keyring/vault/sync

Response

  1. HTTP 204 No Content