You are browsing documentation for an older version. See the latest documentation here.
Install and Configure the FIPS Compliant Package
Available with Kong Gateway Enterprise subscription - Contact Sales
This how-to guide explains how to install and configure the Kong Gateway FIPS-compliant package. After following the steps in this guide, you will have a FIPS-compliant Kong Gateway with FIPS mode enabled.
Installing a Kong Gateway FIPS compliant package
Configure FIPS
To start in FIPS mode, set the following configuration property to on
in the kong.conf
configuration file before starting Kong Gateway:
fips = on # fips mode is enabled, causing incompatible ciphers to be disabled
You can also set this configuration using an environment variable:
export KONG_FIPS=on
If you are migrating from Kong Gateway 3.1 to 3.2 in FIPS mode and are using the key-auth-enc plugin, you should send PATCH or POST requests to all existing key-auth-enc credentials to re-hash them in SHA256.
Migrating from non-FIPS to FIPS mode and backwards is not supported.