Kong Konnect Adds Secrets Management, Improved Analytics

Hayden Lam also contributed to this post.

Today we’re thrilled to announce new features in Kong Konnect, including secrets management, support for Kong Gateway 3.1, Analytics updates, runtime group APIs, system accounts, and an intuitive overview page and service wizard. In this blog, we'll explore all these exciting updates in Kong Konnect.

Secrets Management

You can now seamlessly reference sensitive information securely from third-party secrets managers such as AWS Secrets Manager,GCP Secrets Manager, and Hashicorp Vault. You can also use environment variables for accessing and storing secrets.

Now your secrets — such as usernames and passwords, API tokens, database credentials, and private keys — are centrally managed, auditable, and protected from unauthorized use. This makes the Kong Konnect platform secure by design as it only references secrets stored in these secret managers instead of accessing the actual value of the secrets.

You can learn more about secrets management in the documentation. To learn about other Kong Gateway 3.0 features supported in Kong Konnect, refer to the Kong Gateway 3.0 release blog post.

Figure 1: Kong Konnect supports Secrets Management

Kong Konnect supports Kong Gateway 3.1

We're happy to announce that Kong Konnect now supports Kong Gateway 3.1 including some of the new plugins added in 3.1. You can deploy and manage Kong Gateway 3.1 runtime instances across any cloud or on-premise environment using the Konnect Runtime Manager. You can seamlessly apply newly added plugin policies such as SAML 2.0, AppDynamics, JWE Decrypt, and XML Threat Protection plugins to increase security and visibility across all your APIs and services.

Get started with the newest version of Kong Gateway in Konnect.

New Metrics and Chart Types in Kong Analytics

You can now choose between multiple different metrics and chart types when creating custom reports in Kong Analytics. These updates enable you to easily understand API traffic patterns, user behavior and trends over time.

You have the option to select from different chart types such as line, horizontal and vertical bar charts to visualize your API calls. You can now easily select from a number of relative time frames (Figure 3) to set a date range for your custom reports. Relative time frames are dynamic and the report captures a snapshot of data relative to when you view the report.

Lastly, you can choose from a bunch of newly added metrics including Request per minute, Response latency, Response size and Request size all represented as percentiles. Analytics uses percentiles to enable you to understand the real performance characteristics of your APIs. Percentiles depict a more accurate picture of what most end users experience using your APIs instead of hiding critical experiences by displaying averages.

Figure 2: New chart types added in Analytics custom report

Figure 3: Relative Time Selection capability

Try it out now! Log in to your Kong Konnect account and navigate to Analytics → Reports to try out these features.

Runtime Groups API and Runtime Group Configuration API

You can now fully automate your runtime group workflows and integrate with the Konnect admin API to configure the gateway in a Konnect managed runtime instance.

Runtime Groups API

This set of APIs allow you to create and manage runtime groups. As a result, your central infrastructure teams are able to leverage the API to provision runtime groups as part of their onboarding process for new teams and departments. These endpoints also provide the config parameters required to connect a Kong Gateway data plane to the runtime group.

Runtime Group Configuration API

This is the set of APIs that allow you to manage your data plane (DP) nodes, DP certificates, and (most notably) the gateway configuration (AKA the Kong Admin API). Combined with the runtime groups API, you are now able to automate your entire runtime groups workflow end to end.

The three groups endpoints in runtime group configuration are:

1. Nodes are the endpoints to manage runtime instances (AKA gateway data planes). The nodes endpoint allows you to view the status of a connected node and delete a record of a stale node.
2. DP client certificates are the endpoints to manage the pinned certificate in the runtime group. These pinned certificates are what allow the DP to establish a connection with the control plane(CP). By pinning the public cert to the runtime group, the CP is able to verify if a DP is authorized to connect if it has a matching and valid private key.
3. Core entities behave like a passthrough to a backward-compatible Admin API that replicates the Kong Admin API functionality. All CRUD operations can be performed on the gateway core entities with these endpoints.

Core entities include Services, Routes, Consumers, Plugins, Upstreams, Certificates, CA Certificates, SNIs, Targets and Vaults.

Refer to our documentation for additional details.

System Accounts

You can now create an account for a system user such as your GitHub repo to access Kong Konnect using system accounts. Unlike user accounts, system accounts can be created without a verified email address. This allows a system account to be used as part of an automation or integration workflow that isn’t associated with any person's identity.

The system account has access to a system account access token the same way a regular Konnect user has access to a personal access token (PAT). The system account can be assigned roles directly or by becoming a part of a team. As such, an access token created by a system account inherits the roles assigned to the system account.

This feature is currently in beta. We welcome customers to provide early feedback.

Konnect Overview and Service Wizard

Now you can get a high-level summary of your entire Konnect ecosystem including news updates and learning resources as well as an intuitive experience when creating a new service with the Konnect Overview page. By clicking on "Add a Service" you can seamlessly register a service within Service Hub, create a deployment to the Kong Gateway, publish API docs to the Dev Portal, and apply plugins in a simple four-step process.

Figure 4: Konnect Overview and Service Wizard

Learn more about Kong Konnect

Refer to our documentation to dive deeper into Kong Konnect or register for our weekly product demo and live Q&A.

Ready to take it for a spin? Start your Kong Konnect free trial to get your hands on these new features.