
No More Static Secrets: Kong Expands Cloud-Native Authentication Support

Blog post from Kong

Author: Veena Rajarathna, Keery Nie, and Walker Zhao
Word Count: 1,221
Language: English
Summary

Kong Gateway 3.14 introduces a unified approach to cloud-native authentication across the major cloud providers (AWS, Azure, and GCP), eliminating the need for static credentials in service-to-service connections. With this update, Kong can authenticate to every component it connects to, such as databases, caches, and secrets managers, using the cloud's native identity systems, which improves security and operational consistency. The shift centers on IAM-based identity models, exemplified by Kong's ability to authenticate to HashiCorp Vault using AWS IAM roles without relying on access keys or secret keys. Instead, Kong presents a signed AWS API request, which AWS STS verifies independently, and receives temporary credentials in return, so the authentication process is secure and traceable. This approach reduces the burden of credential rotation and the risk of leaked credentials, provides a unified audit trail, and enforces least-privilege access policies. By adopting this model, enterprises can maintain a consistent security posture across their cloud infrastructure and simplify the operational model for connecting to these services.