Skip to main content
FIPS-compliant images are available on the Enterprise plan. Contact your Portkey representative or support@portkey.ai to receive access to the FIPS image registry.
Portkey publishes FIPS-compliant container image variants for the Enterprise Gateway and the Data Service for customers operating under FIPS 140-3 / FedRAMP requirements. The FIPS images are functionally identical to the standard images, with the following differences:
  • The container runs Node.js with the OpenSSL FIPS provider enabled.
  • Cryptographic primitives used internally (e.g. SHA-256 for AWS request signing) are routed through FIPS-validated providers — the Data Service uses @smithy/hash-node instead of the default JS hashing path.
  • The base image and dependencies are pinned to FIPS-validated versions.

Components with FIPS images

Deploying via Helm

The standard Portkey Helm chart accepts the FIPS image references through the existing *Image.repository / *Image.tag values — point them at the FIPS image registry provided by Portkey:
No other chart values need to change. Existing LOG_STORE, virtual-key, config, and observability settings continue to apply.

Verifying FIPS mode

After deploying, you can confirm FIPS mode is active by checking the OpenSSL providers loaded inside the container:
A return value of 1 indicates FIPS is enabled.

Support

For access to the FIPS image registry, validation reports, or compliance documentation, reach out to the Portkey team at support@portkey.ai.
Last modified on May 21, 2026