heroku · mars · Feb 28, 2019 · Feb 28, 2019 · Feb 28, 2019 · Mar 21, 2019
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 Kong as a Heroku app
 ====================
-Deploy [Kong 1.0](https://konghq.com/blog/kong-1-0-ga/) clusters to Heroku Common Runtime and Private Spaces using the [Kong buildpack](https://github.com/heroku/heroku-buildpack-kong/).
+Deploy [Kong 1.1.0rc2](https://discuss.konghq.com/t/kong-1-1-0rc2-available-for-testing/3016) clusters to Heroku Common Runtime and Private Spaces using the [Kong buildpack, 1.1.0 branch](https://github.com/heroku/heroku-buildpack-kong/tree/kong-1.1.0).
 
 ⏫ **Upgrading from an earlier version?** See [Upgrade Guide](#user-content-upgrade-guide).
 

diff --git a/app.json b/app.json
@@ -11,10 +11,9 @@
   ],
   "website": "https://getkong.org/",
   "repository": "https://github.com/heroku/heroku-kong.git",
-  "success_url": "https://github.com/heroku/heroku-kong/blob/master/README.md#user-content-usage",
   "stack": "heroku-18",
   "buildpacks": [{
-    "url": "https://github.com/heroku/heroku-buildpack-kong.git"
+    "url": "https://github.com/heroku/heroku-buildpack-kong.git#kong-1.1.0"
   }],
   "addons": [
     "heroku-postgresql"

diff --git a/bin/postrelease b/bin/postrelease
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -eu
+
+# Admin key is empty when the var is unset.
+KONG_HEROKU_ADMIN_KEY="${KONG_HEROKU_ADMIN_KEY:-}"
+
+if [ -n "$KONG_HEROKU_ADMIN_KEY" ]
+then
+  echo "Setting up external Admin API secured by KONG_HEROKU_ADMIN_KEY"
+
+  # Replace environment variables with their values.
+  # Example: `$VAR` or `${VAR}` will be replaced with value of `VAR`.
+  eval "cat <<EOF
+$(<config/secure-admin-api.yml)
+EOF
+" > config/secure-admin-api-rendered.yml
+
+  # Kong needs to be running for import.
+  bin/background-start
+  sleep 1
+  # Import config to Kong 1.1+
+  kong config db_import \
+    -c "${KONG_CONF:-config/kong.conf}" \
+    "config/secure-admin-api-rendered.yml"
+fi
diff --git a/bin/prerelease b/bin/prerelease
diff --git a/config/pg-heroku-admin.dump b/config/pg-heroku-admin.dump
diff --git a/config/secure-admin-api.yml b/config/secure-admin-api.yml
@@ -0,0 +1,40 @@
+# Kong declarative config
+# https://discuss.konghq.com/t/rfc-kong-native-declarative-config-format/2719
+
+# Metadata fields start with an underscore (_)
+# Fields that do not start with an underscore represent Kong entities and attributes
+
+# Matches Kong minimum version that supports the format
+_format_version: "1.1"
+_comment: This configures a protected, external-facing loopback proxy to Kong's Admin API, secured by the KONG_HEROKU_ADMIN_KEY config var. This config is preprocessed by the bin/postrelease script to expand shell-style interpolations, such as variables.
+
+services:
+- name: kong-admin
+  url: http://localhost:8001
+  routes:
+  - name: kong-admin
+    protocols:
+    - https
+    paths:
+    - /kong-admin
+  plugins:
+  - name: request-size-limiting
+    config:
+      allowed_payload_size: 8
+  - name: rate-limiting
+    config:
+      minute: 1000
+  - name: key-auth
+    config:
+      hide_credentials: true
+  - name: acl
+    config:
+      whitelist:
+      - kong-admin
+
+consumers:
+- username: heroku-admin
+  acls:
+  - group: kong-admin
+  keyauth_credentials:
+  - key: ${KONG_HEROKU_ADMIN_KEY}