Start Kong Gateway Securely
The Super Admin has the ability to invite other Admins and restrict their access based on Permissions of Roles within Workspaces.
The first Super Admin account is created during database migrations following the guide below. It may only be added once.
After installing Kong Gateway, either modify the configuration file or set environment variables for the following properties:
If using Kong Manager, select the type of authentication that Admins should use to log in. For the purpose of this guide, admin_gui_auth may be set to basic-auth. See for other types of authentication.
For a simple configuration to use for the subsequent Getting Started guides:
⚠️ Important: the Sessions Plugin requires a secret and is configured securely by default.
- Under all circumstances, the secret must be manually set to a string.
- If using different domains for the Admin API and Kong Manager, cookie_samesite must be set to off.
Learn more about these properties in Session Security in Kong Manager, and see .
Set a password for the Super Admin. This environment variable must be present in the environment where database migrations will run.
Important: Setting your Kong password using a value containing four ticks (for example, KONG_PASSWORD="a''a'a'a'a") causes a PostgreSQL syntax error on bootstrap. To work around this issue, do not use special characters in your password.
This automatically creates a user, kong_admin, and a password that can be used to log in to Kong Manager. This password may also be used as a Kong-Admin-Token to make Admin API requests.
Future migrations will not update the password or create additional Super Admins. To add additional Super Admins it is necessary to .
Issue the following command to prepare your data store by running the Kong migrations:
Start Kong:
Note: the CLI accepts a configuration option (-c /path/to/kong.conf) allowing you to point to your own configuration.
To test that Kong Gateway has successfully started with a Super Admin, visit Kong Manager’s URL. By default, it is on port :8002.
The username is and the password is the one set in Step 1.
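A preflight check for the settings this guide depends on, written as an added example that is not part of the Kong documentation. The function name kong_preflight and its arguments are hypothetical, the sample values are constructed, and admin_gui_session_conf is assumed to be the property that carries the Sessions Plugin JSON.

```shell
#!/usr/bin/env bash
# Added example (not from the Kong docs): check the values this guide relies on
# before running the migrations that create the Super Admin.
#
# kong_preflight PASSWORD GUI_AUTH SESSION_CONF [SPLIT_DOMAINS]
#   PASSWORD       value intended for KONG_PASSWORD
#   GUI_AUTH       value intended for admin_gui_auth
#   SESSION_CONF   Sessions Plugin JSON (assumed: admin_gui_session_conf)
#   SPLIT_DOMAINS  "yes" if the Admin API and Kong Manager use different domains
# Prints each problem to stderr and returns the number of problems found.
kong_preflight() {
  local password="$1" gui_auth="$2" session_conf="$3" split_domains="${4:-no}"
  local problems=0

  case "$password" in
    "")
      echo "KONG_PASSWORD is empty; it must be set where migrations run" >&2
      problems=$((problems + 1)) ;;
    *[!A-Za-z0-9]*)
      # The guide's workaround for the PostgreSQL syntax error on bootstrap.
      echo "KONG_PASSWORD contains special characters" >&2
      problems=$((problems + 1)) ;;
  esac

  if [ -z "$gui_auth" ]; then
    echo "admin_gui_auth is not set; no login type selected for Kong Manager" >&2
    problems=$((problems + 1))
  else
    # With an auth type selected, the Sessions Plugin needs a non-empty secret.
    if ! printf '%s' "$session_conf" |
        grep -Eq '"secret"[[:space:]]*:[[:space:]]*"[^"]+"'; then
      echo "session configuration has no non-empty \"secret\"" >&2
      problems=$((problems + 1))
    fi
    if [ "$split_domains" = yes ] && ! printf '%s' "$session_conf" |
        grep -Eq '"cookie_samesite"[[:space:]]*:[[:space:]]*"off"'; then
      echo "different domains in use; cookie_samesite must be \"off\"" >&2
      problems=$((problems + 1))
    fi
  fi
  return "$problems"
}
```

Call it with the values you are about to export and run the migrations only when it returns 0.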