Decrypt

Decrypt using a static key

Decrypt a message value using a static key.

The static key must be a secret reference to a 256-bit (32-byte) base64-encoded string, or the key itself as a string. We recommend using secret references to avoid exposing sensitive data in your configuration.

Prerequisites

A static key.
A corresponding Encrypt policy that uses the static key. Event Gateway uses the key reference in the message payload set by the Encrypt policy and looks for the actual key in key_sources to successfully decrypt.

Set up the policy

curl -X POST https://{region}.api.konghq.com/v1/event-gateways/{eventGatewayId}/virtual-clusters/{virtualClusterId}/consume-policies \
    --header "accept: application/json" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $KONNECT_TOKEN" \
    --data '
    {
      "name": "decrypt-static-key",
      "type": "decrypt",
      "config": {
        "failure_mode": "error",
        "part_of_record": [
          "value"
        ],
        "key_sources": [
          {
            "type": "static"
          }
        ]
      }
    }
    '

Copied!

Make sure to replace the following placeholders with your own values:

region: Geographic region where your Kong Konnect is hosted and operates.
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
virtualClusterId: The id of the Virtual Cluster.
eventGatewayId: The id of the Event Gateway.
eventGatewayListenerId: The id of the Event Gateway Listener.

See the Konnect Event Gateway API reference to learn about region-specific URLs and personal access tokens.

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect-beta = {
      source  = "kong/konnect-beta"
    }
  }
}

provider "konnect-beta" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Copied!

resource "konnect_event_gateway_consume_policy_decrypt" "my_virtual_cluster_policy_decrypt" {
  provider = konnect-beta
  type = "decrypt"
  config = {
    failure_mode = "error"
    part_of_record = ["value"]
    key_sources = [
      {
        type = "static"
      }    ]
  }


  virtual_cluster_id = konnect_event_gateway_virtual_cluster.my_virtual_cluster.id

  gateway_id = konnect_event_gateway.my_event_gateway.id
}

Copied!

Decrypt using a static key

Prerequisites

Set up the policy

Help us make these docs great!

Still need help