FIPS-compliant images are available on the Enterprise plan. Contact your
Portkey representative or support@portkey.ai to
receive access to the FIPS image registry.
- The container runs Node.js with the OpenSSL FIPS provider enabled.
- Cryptographic primitives used internally (e.g. SHA-256 for AWS request signing) are routed through FIPS-validated providers — the Data Service uses
@smithy/hash-nodeinstead of the default JS hashing path. - The base image and dependencies are pinned to FIPS-validated versions.
Components with FIPS images
Deploying via Helm
The standard Portkey Helm chart accepts the FIPS image references through the existing*Image.repository / *Image.tag values — point them at the FIPS image registry provided by Portkey:
LOG_STORE, virtual-key, config, and observability settings continue to apply.
Verifying FIPS mode
After deploying, you can confirm FIPS mode is active by checking the OpenSSL providers loaded inside the container:1 indicates FIPS is enabled.

