With the new version of the Kong Gateway, the company has improved the cloud-native API platform in both API management and security.

The Kong Gateway software from the company of the same name is designed for microservices. With the main version 3.0 that has now been released, the development team has improved both the Enterprise and the Open Source Edition and introduced a whole range of new functions. The most important innovations include improved security and governance, which should make it easier for users to meet corresponding security and compliance requirements.

Secure gateway operations and plug-ins

The developers at Kong have integrated a FIPS 140-2-compliant Kong Gateway runtime into this release, the development of which was already announced when version 2.7 was presented. They also promise a secure storage area used for all gateway operation and plugins. Security is achieved through a BoringSSL-based build, which a blog post describes as making the core of the software FIPS 140-2 compliant.

The team can also report progress in the areas of flexibility and extensibility: Customers should now be able to choose the execution order of their plug-ins, add native support for WebSocket traffic and use the deep OpenTelemetry integration.

Secrets Management now fully supported

The development team introduced the so-called Secrets Management in Kong Gateway as a beta version in Release 2.8. With version 3.0 released now, it has gained full support status. With Secrets Management, developers should be able to securely store sensitive information in external vaults that Kong can access at runtime. This affects the environment variables for the open source version and AWS Secrets Manager and HashiCorp Vault for the Enterprise Edition. By storing sensitive values ​​as secrets, they can ensure that this information is not exposed in plain text across the platform, in kong.conf, or in declarative configuration files, logs, or the Kong Manager UI.

In addition, using Vault Secrets allows specific values ​​to be used for development, staging, and production environments, while configuring each environment using the exact same declarative configuration file.

The Kong Manager 3.0

For the enterprise version of the software, the developers have revised Kong Manager 3.0 and, according to them, made the configuration of the most important gateway entities such as service, route, consumer and plug-in more intuitive.

For the enterprise version of the software, the developers have significantly revised Kong Manager 3.0. - Advertisement - (Image: Kong)

Understanding how an entity is configured is now placed in the foreground instead of behind a button ViewConfig to be hidden and fully editable within the same view.

A complete list of features, fixes and updates can be found in both the Kong Gateway changelog and the Kong Gateway OSS free version. Both versions are also available for download.