Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Gateway
3.4.x (latest)
  • Home icon
  • Kong Gateway
  • Kong Enterprise
  • Fips Support
  • Install and Configure the FIPS Compliant Package
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.4.x (latest)
  • 3.3.x
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Archive (pre-2.6)
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Installing a Kong Gateway FIPS compliant package
  • Configure FIPS

Install and Configure the FIPS Compliant Package

This how-to guide explains how to install and configure the Kong Gateway FIPS-compliant package. After following the steps in this guide, you will have a FIPS-compliant Kong Gateway with FIPS mode enabled.

Installing a Kong Gateway FIPS compliant package

Ubuntu
RHEL

The FIPS-compliant Ubuntu 20.04 package can be installed using the package distinctively named kong-enterprise-edition-fips. To install the package follow these instructions:

  1. Set up the Kong APT repository:
     curl -1sLf "https://packages.konghq.com/public/gateway-34/gpg..key" |  gpg --dearmor >> /usr/share/keyrings/kong-gateway-34-archive-keyring.gpg
     curl -1sLf "https://packages.konghq.com/public/gateway-34/config.deb.txt?distro=ubuntu&codename=$(lsb_release -sc)" > /etc/apt/sources.list.d/kong-gateway-34.list
    
  2. Update the repository:
     sudo apt-get update
    
  3. Install the Kong Gateway FIPS package:

     apt install -y kong-enterprise-edition-fips=3.4.0.0
    

The FIPS-compliant Red Hat 8 package can be installed using the package distinctively named kong-enterprise-edition-fips. To install the package follow these instructions:

Package
Yum repo
  1. Download the FIPS package:

     curl -Lo kong-enterprise-edition-fips-3.4.0.0.rpm $(rpm --eval https://packages.konghq.com/public/gateway-34/rpm/el/%{rhel}/x86_64/kong-enterprise-edition-fips-3.4.0.0.el%{rhel}.x86_64.rpm)
    
  2. Install the Kong Gateway FIPS package:

     yum install kong-enterprise-edition-fips-3.4.0.0
    
  1. Set up the Kong Yum repository:

     curl -1sLf "https://packages.konghq.com/public/gateway-34/config.rpm.txt?distro=el&codename=$(rpm --eval '%{rhel}')" | sudo tee /etc/yum.repos.d/kong-gateway-34.repo
     sudo yum -q makecache -y --disablerepo='*' --enablerepo='kong-gateway-34'
    
  2. Install the Kong Gateway FIPS package:

     yum install kong-enterprise-edition-fips-3.4.0.0
    

Configure FIPS

To start in FIPS mode, set the following configuration property to on in the kong.conf configuration file before starting Kong Gateway:

fips = on # fips mode is enabled, causing incompatible ciphers to be disabled

You can also set this configuration using an environment variable:

export KONG_FIPS=on

If you are migrating from Kong Gateway 3.1 to 3.2 in FIPS mode and are using the key-auth-enc plugin, you should send PATCH or POST requests to all existing key-auth-enc credentials to re-hash them in SHA256.

Migrating from non-FIPS to FIPS mode and backwards is not supported.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023