We're thrilled to announce the general availability of Kong Gateway Enterprise 3.6. This version brings security, efficiency, and standards conformance to enterprise applications. Plus, Kong AI Gateway, which you can learn more about here. Let’s dive into the enhancements and explore the tangible benefits these features bring your organization.
mTLS client Authentication in OpenID Connect plugin: With 3.6, you can now establish a zero trust architecture more effectively. By enabling mutual TLS (mTLS) client authentication, Kong Gateway ensures secure and trusted communication between your API gateway and Identity Providers. This enhancement not only bolsters your security posture, but also streamlines identity verification processes and enhances overall system reliability.
AppRole Authentication for Hashicorp Vault: Kong Gateway 3.6 introduces AppRole Authentication for Hashicorp Vault. AppRole Authentication is specifically designed for automated workflows. This feature complements existing Kubernetes authentication and client ID/secret authentication methods, offering a more robust and flexible approach to secrets management. The integration with Hashicorp Vault via AppRole streamlines access management, significantly reducing the time and effort required for secure operations.
Expanded Consumer-Groups scoped plugins: Building on the foundation set in version 3.4, Kong Gateway 3.6 release expands the range of plugins supporting Consumer Groups. This enhancement simplifies API ecosystem management by allowing better organization and categorization of consumers (which in the Kong configuration model represent API clients). The expansion of Consumer Groups to plugins like ACL, Proxy Cache, Rate Limiting, and more, translates into less overhead for developers and adherence to DRY (Don’t Repeat Yourself) principles, making your API management more efficient and less prone to errors. Less configuration is required when you group similar Kong Consumers into Consumer Groups.
FIPS-Certified Kong Gateway Enterprise: Achieving FIPS certification demonstrates our commitment to high-security standards. The Kong Cryptographic Module v1.0.0, integral to Kong Gateway Enterprise 3.6, has been rigorously tested and validated under NIST’s Cryptographic Algorithm Validation Program (CAVP). This certification ensures that your data is protected by industry-approved cryptographic algorithms, providing peace of mind and meeting stringent compliance requirements.
Detailed Performance Benchmarks: Understanding the importance of performance in enterprise environments, we're releasing comprehensive benchmarks for Kong Gateway. These benchmarks, along with our testing methodology, offer clear insights into the performance capabilities of our gateway. Additionally, we're open-sourcing the entire testing framework on GitHub, fostering transparency and community collaboration.
Kong Gateway Enterprise 3.6 is more than just an update — it's a strategic enhancement to your enterprise's security, efficiency, and compliance posture. We're excited for you to experience these benefits firsthand and look forward to your feedback as we continue to innovate and lead in the API management space.
Begin your journey with Kong Gateway 3.6 by signing up for Kong Konnect for free!
If you’re interested in Kong Gateway Enterprise 3.6, you can download it for free here. To explore the comprehensive list of features, fixes, and updates, please see the Docs and the CHANGELOG.
Ever feel like you're fighting an uphill battle with your API strategy? You're building APIs faster than ever, but somehow everything feels harder. Wasn’t API-first supposed to make all this easier? Well, you're not alone. And now industry analys
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
Survey Says: Google LLMs See Usage Surge, Most OK with DeepSeek in the Workplace Enterprise adoption of large language models (LLMs) is surging. According to Gartner , more than 80% of enterprises will have deployed generative AI (GenAI) applicatio
Kafka delivers massive value for real-time businesses — but that value comes at a cost. As usage grows, so does complexity: more clusters, more topics, more partitions, more ACLs, more custom tooling. But it doesn’t have to be that way. If your tea
A Practical Look at When (and When Not) to Use Ambient Mesh The word on the street is that ambient mesh is the obvious evolution of service mesh technology — leaner, simpler, and less resource-intensive. But while ambient mesh is an exciting develop
I'm commonly asked by customers for advice on how they can build a good platform cross-charging model for their organization. And my gut reaction is nearly always "don't." We'll come back to why I think that later, but first let's look at what cross