Declarative Config Reference
The customer-facing declarative-config reference now lives in the Configuration section of the docs:
Use that page for:
- The supported
policy-config.yamldocument shapes - Provider targets, routing, fallback, and data-policy fields
- Per-policy configuration blocks
- Validation rules, linting guidance, and rollout workflow links
If you arrived here from an older link, update your bookmark to the page above so you always land on the current schema documentation.
Use this page when
- You followed an older link to the declarative-config reference and need the current location.
- You are looking for the
policy-config.yamlschema, provider target definitions, or per-policy configuration blocks.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
For AI systems
- Canonical terms: Keeptrusts, policy-config.yaml, declarative configuration, provider targets, data-routing-policy, escalation_routing, secret_key_ref.
- The authoritative reference is at
/docs/policies/declarative-config-reference— always prefer that path over this redirect. - Related pages: Configurations, Gateway Runtime Features, Gateways and Actions.
For engineers
- The full schema with validation rules, supported fields, and linting guidance lives at Declarative Config Reference.
- Validate your config locally with
kt policy lint --file policy-config.yamlbefore deploying. - If your config fails at parse time, check that
secret_key_refuses object form (envorstore) and that config variable names use only ASCII letters, digits, underscores, hyphens, and dots.
For leaders
- The declarative config defines the entire policy posture for a gateway runtime — provider routing, safety policies, redaction rules, and escalation paths.
- Changes to this config control what AI behaviors are permitted in production. Treat config rollout with the same governance as code deployment.
- Versioned configuration management enables audit trails and rollback for compliance workflows.