Security at enterprise scale means more than setting the right policies — it means keeping credentials fresh, consistent, and verifiable across every environment your gateway touches. Here are some highlights of how Kong API Gateway 3.15 delivers targeted enhancements that give platform teams tighter control over certificates, secrets, and token validation without adding operational complexity.
**Azure Key Vault Certificate.** Managing certificates as static secrets in Azure Key Vault is an operational headache. One missed manual rotation can take down your backend services. Kong Gateway 3.15 solves this by adding native support for **Azure Key Vault Certificates**. By moving from "Secrets" to "Certificates", you gain automated lifecycle management and hands-free rotation, securing your infrastructure at scale.
**File-based vault secret resolution.** Teams running in air-gapped environments or using Kubernetes Secrets that write to the filesystem have needed bespoke synchronization scripts to get secrets into their data planes. Kong API Gateway 3.15 adds secret resolution from file-based vaults, allowing consistent vault configuration with runtime secret resolution from the filesystem without the need for third-party software.
**Proof of Possession token validation behind WAFs.** Enterprises that terminate TLS at a WAF before traffic reaches Kong face a specific problem: the client certificate never arrives at the gateway via the TLS handshake, which breaks mTLS-based Proof of Possession validation. Kong API Gateway 3.15 adds PoP token validation support for exactly this topology, enabling cryptographically-bound token authentication even when the gateway sits behind a WAF.