Adding secrets to KongCredential resources

Hi people.

I have these KongCredentials, resources with their respective KongConsumers and the basic-auth and acl KongPlugins

My question is: Can I apply it kubernetes secrets to KongCredentials resource?
What kind of secrets? generic may be?

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: swaggerapi-basic-auth
  namespace: default
  labels:
    global: "false"
disabled: false
config:
  hide_credentials: true
plugin: basic-auth
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: swaggerapi-acl
  namespace: default
  labels:
    global: "false"
disabled: false
config:
  hide_groups_header: true
  whitelist: ["dev", "azure"]
plugin: acl
---
# User standard
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: zcrm365consumer
  namespace: default
username: user
---
apiVersion: configuration.konghq.com/v1
kind: KongCredential
group: dev
metadata:
  name: credential-zcrm365-acl
  namespace: default
consumerRef: zcrm365consumer
type: acl
config:
  group: "dev"
---
apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
  name: credential-zcrm365
  namespace: default
consumerRef: zcrm365consumer
type: basic-auth
config:
  username: user
  password: passwd
---

Hi @bgarcial,

It is not possible to do this currently but is definitely something on the radar.

1 Like

Does KONG not have its own environment variables? Maybe are there some specific flags similar to these?

spec:
      serviceAccountName: kong-serviceaccount
      initContainers:
      - name: wait-for-migrations
        image: kong:1.1
        command: [ "/bin/sh", "-c", "kong migrations list" ]
        env:
        - name: KONG_ADMIN_LISTEN
          value: 'off'
        - name: KONG_PROXY_LISTEN
          value: 'off'
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PG_HOST
          value: postgres
        - name: KONG_PG_PASSWORD
          value: kong

Hi @hbagdi,
Is there any update on this?

The last update stands as is as of now.
Design proposals on how to update the KongCredential CRD to support this are welcome.