Kong · Schema
AcmePluginConfig
API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source
Properties
| Name | Type | Description |
|---|---|---|
| config | object | |
| name | object | |
| protocols | array | A set of strings representing HTTP protocols. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/AcmePluginConfig",
"title": "AcmePluginConfig",
"x-speakeasy-entity": "PluginAcme",
"properties": {
"config": {
"type": "object",
"properties": {
"account_email": {
"description": "The account identifier. Can be reused in a different plugin instance.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"account_key": {
"description": "The private key associated with the account.",
"type": "object",
"properties": {
"key_id": {
"description": "The Key ID.",
"type": "string",
"x-encrypted": true
},
"key_set": {
"description": "The name of the key set to associate the Key ID with.",
"type": "string",
"x-encrypted": true
}
},
"required": [
"key_id"
]
},
"allow_any_domain": {
"description": "If set to `true`, the plugin allows all domains and ignores any values in the `domains` list.",
"type": "boolean",
"default": false
},
"api_uri": {
"description": "A string representing a URL, such as https://example.com/path/to/resource?q=search.",
"type": "string",
"default": "https://acme-v02.api.letsencrypt.org/directory"
},
"cert_type": {
"description": "The certificate type to create. The possible values are `rsa` for RSA certificate or `ecc` for EC certificate.",
"type": "string",
"default": "rsa",
"enum": [
"ecc",
"rsa"
]
},
"domains": {
"description": "An array of strings representing hosts. A valid host is a string containing one or more labels separated by periods, with at most one wildcard label ('*')",
"type": "array",
"items": {
"type": "string"
}
},
"eab_hmac_key": {
"description": "External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don't need to set this unless it is explicitly required by the CA.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"eab_kid": {
"description": "External account binding (EAB) key id. You usually don't need to set this unless it is explicitly required by the CA.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"enable_ipv4_common_name": {
"description": "A boolean value that controls whether to include the IPv4 address in the common name field of generated certificates.",
"type": "boolean",
"default": true
},
"fail_backoff_minutes": {
"description": "Minutes to wait for each domain that fails to create a certificate. This applies to both a\nnew certificate and a renewal certificate.",
"type": "number",
"default": 5
},
"preferred_chain": {
"description": "A string value that specifies the preferred certificate chain to use when generating certificates.",
"type": "string"
},
"renew_threshold_days": {
"description": "Days remaining to renew the certificate before it expires.",
"type": "number",
"default": 14
},
"rsa_key_size": {
"description": "RSA private key size for the certificate. The possible values are 2048, 3072, or 4096.",
"type": "integer",
"default": 4096,
"enum": [
2048,
3072,
4096
]
},
"storage": {
"description": "The backend storage type to use. In DB-less mode and Konnect, `kong` storage is unavailable. In hybrid mode and Konnect, `shm` storage is unavailable. `shm` storage does not persist during Kong restarts and does not work for Kong running on different machines, so consider using one of `kong`, `redis`, `consul`, or `vault` in production.",
"type": "string",
"default": "shm",
"enum": [
"consul",
"kong",
"redis",
"shm",
"vault"
]
},
"storage_config": {
"type": "object",
"properties": {
"consul": {
"type": "object",
"properties": {
"host": {
"description": "A string representing a host name, such as example.com.",
"type": "string"
},
"https": {
"description": "Boolean representation of https.",
"type": "boolean",
"default": false
},
"kv_path": {
"description": "KV prefix path.",
"type": "string"
},
"port": {
"description": "An integer representing a port number between 0 and 65535, inclusive.",
"type": "integer",
"maximum": 65535,
"minimum": 0
},
"timeout": {
"description": "Timeout in milliseconds.",
"type": "number"
},
"token": {
"description": "Consul ACL token.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
}
}
},
"kong": {
"type": "object",
"additionalProperties": true
},
"redis": {
"type": "object",
"properties": {
"cloud_authentication": {
"description": "Cloud auth related configs for connecting to a Cloud Provider's Redis instance.",
"type": "object",
"properties": {
"auth_provider": {
"description": "Auth providers to be used to authenticate to a Cloud Provider's Redis instance.",
"type": "string",
"enum": [
"aws",
"azure",
"gcp"
],
"x-referenceable": true
},
"aws_access_key_id": {
"description": "AWS Access Key ID to be used for authentication when `auth_provider` is set to `aws`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"aws_assume_role_arn": {
"description": "The ARN of the IAM role to assume for generating ElastiCache IAM authentication tokens.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"aws_cache_name": {
"description": "The name of the AWS Elasticache cluster when `auth_provider` is set to `aws`.",
"type": "string",
"x-referenceable": true
},
"aws_is_serverless": {
"description": "This flag specifies whether the cluster is serverless when auth_provider is set to `aws`.",
"type": "boolean",
"default": true
},
"aws_region": {
"description": "The region of the AWS ElastiCache cluster when `auth_provider` is set to `aws`.",
"type": "string",
"x-referenceable": true
},
"aws_role_session_name": {
"description": "The session name for the temporary credentials when assuming the IAM role.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"aws_secret_access_key": {
"description": "AWS Secret Access Key to be used for authentication when `auth_provider` is set to `aws`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"azure_client_id": {
"description": "Azure Client ID to be used for authentication when `auth_provider` is set to `azure`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"azure_client_secret": {
"description": "Azure Client Secret to be used for authentication when `auth_provider` is set to `azure`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"azure_tenant_id": {
"description": "Azure Tenant ID to be used for authentication when `auth_provider` is set to `azure`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"gcp_service_account_json": {
"description": "GCP Service Account JSON to be used for authentication when `auth_provider` is set to `gcp`.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
}
}
},
"database": {
"description": "Database to use for the Redis connection when using the `redis` strategy",
"type": "integer",
"default": 0
},
"extra_options": {
"description": "Custom ACME Redis options",
"type": "object",
"properties": {
"namespace": {
"description": "A namespace to prepend to all keys stored in Redis.",
"type": "string",
"default": ""
},
"scan_count": {
"description": "The number of keys to return in Redis SCAN calls.",
"type": "number",
"default": 10
}
}
},
"host": {
"description": "A string representing a host name, such as example.com.",
"type": "string",
"x-referenceable": true
},
"password": {
"description": "Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
},
"port": {
"description": "An integer representing a port number between 0 and 65535, inclusive.",
"type": "integer",
"default": 6379,
"maximum": 65535,
"minimum": 0,
"x-referenceable": true
},
"server_name": {
"description": "A string representing an SNI (server name indication) value for TLS.",
"type": "string",
"x-referenceable": true
},
"ssl": {
"description": "If set to true, uses SSL to connect to Redis.",
"type": "boolean",
"default": false
},
"ssl_verify": {
"description": "If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure `lua_ssl_trusted_certificate` in `kong.conf` to specify the CA (or server) certificate used by your Redis server. You may also need to configure `lua_ssl_verify_depth` accordingly.",
"type": "boolean",
"default": true
},
"timeout": {
"description": "An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.",
"type": "integer",
"default": 2000,
"maximum": 2147483646,
"minimum": 0
},
"username": {
"description": "Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to `default`.",
"type": "string",
"x-referenceable": true
}
}
},
"shm": {
"type": "object",
"properties": {
"shm_name": {
"description": "Name of shared memory zone used for Kong API gateway storage",
"type": "string",
"default": "kong"
}
}
},
"vault": {
"type": "object",
"properties": {
"auth_method": {
"description": "Auth Method, default to token, can be 'token' or 'kubernetes'.",
"type": "string",
"default": "token",
"enum": [
"kubernetes",
"token"
]
},
"auth_path": {
"description": "Vault's authentication path to use.",
"type": "string"
},
"auth_role": {
"description": "The role to try and assign.",
"type": "string"
},
"host": {
"description": "A string representing a host name, such as example.com.",
"type": "string"
},
"https": {
"description": "Boolean representation of https.",
"type": "boolean",
"default": false
},
"jwt_path": {
"description": "The path to the JWT.",
"type": "string"
},
"kv_path": {
"description": "KV prefix path.",
"type": "string"
},
"port": {
"description": "An integer representing a port number between 0 and 65535, inclusive.",
"type": "integer",
"maximum": 65535,
"minimum": 0
},
"timeout": {
"description": "Timeout in milliseconds.",
"type": "number"
},
"tls_server_name": {
"description": "SNI used in request, default to host if omitted.",
"type": "string"
},
"tls_verify": {
"description": "Turn on TLS verification.",
"type": "boolean",
"default": true
},
"token": {
"description": "Consul ACL token.",
"type": "string",
"x-encrypted": true,
"x-referenceable": true
}
}
}
}
},
"tos_accepted": {
"description": "If you are using Let's Encrypt, you must set this to `true` to agree the terms of service.",
"type": "boolean",
"default": false
}
},
"required": [
"account_email"
]
},
"name": {
"const": "acme"
},
"protocols": {
"description": "A set of strings representing HTTP protocols.",
"type": "array",
"items": {
"enum": [
"grpc",
"grpcs",
"http",
"https"
],
"type": "string"
},
"format": "set",
"default": [
"grpc",
"grpcs",
"http",
"https"
]
}
},
"required": [
"config"
]
}