ActiveGate FIPS compliance

  • Latest Dynatrace

ActiveGate version 1.315+

What is FIPS?

The Federal Information Processing Standard (FIPS) is "a standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology to achieve a common level of quality or some level of interoperability" (source: NIST glossary).

FIPS compliance means that a product adheres to all security requirements imposed by the standard.

ActiveGate FIPS-compliant mode

ActiveGate deployed in FIPS-compliant mode uses FIPS-certified cryptographic libraries:

ActiveGate purposes compatibility

1 Excluding Extension Execution Controller module (same as regular, non-FIPS ActiveGate).

2 Refer to Requirements and limitations for Synthetic FIPS compliance.

Host-based ActiveGate deployment

FIPS-compliant mode can be enabled during ActiveGate installation. For details, see Customize ActiveGate installation on Linux.

Requirements

  • Linux x86-64 or ARM64 (AArch64)
  • Operating system with FIPS-compliant mode enabled
    • The ActiveGate installer verifies the operating system configuration by checking that the FIPS-compliant mode status stored in /proc/sys/crypto/fips_enabled has the value 1
    • If the ActiveGate installer is started in FIPS-compliant mode while the operating system does not have FIPS-compliant mode enabled, the installer stops and exits with an error

Containerized ActiveGate deployment

Containerized ActiveGate deployments rely on FIPS-compliant images, which are available for the following architectures:

  • x86-64
  • ARM64 (AArch64)

Container registries

FIPS-compliant ActiveGate images are available in our supported public registries with the image tag suffix -fips.

Example: public.ecr.aws/dynatrace/dynatrace-activegate:1.315.70.20241127-162512-fips

See Configure DynaKube to use images from public registry for details on how to instruct Dynatrace Operator to use images from the public registry.

Verification of FIPS-compliant mode

Web UI

To check whether an ActiveGate is running in FIPS-compliant mode

  1. Go to Deployment Status > ActiveGates.
  2. Find the ActiveGate of interest and expand the table row.
  3. Search for the FIPS mode property.
    • If you find FIPS mode with a value of True, the ActiveGate is in FIPS-compliant mode.
    • If you don't find FIPS mode at all, the ActiveGate is not in FIPS-compliant mode.

To list all ActiveGates running in FIPS-compliant mode

  1. Go to Deployment Status > ActiveGates.
  2. In the filter bar, select the FIPS mode filter and then select True.

REST API

To use the Dynatrace API to check whether a specific ActiveGate is running in FIPS-compliant mode, use GET an ActiveGate to check the value of the fipsMode field.

To use the Dynatrace API to list all ActiveGates running in FIPS-compliant mode, use GET all ActiveGates with the fipsMode query parameter.

Logs

To verify whether ActiveGate is running in FIPS-compliant mode, look up the following entry in the ActiveGate logs (see below how to access logs depending on the ActiveGate deployment type):

2025-06-10 12:16:14 UTC INFO [<tenant>] [FipsDetector] FIPS mode active: true

When FIPS mode active is true, all libraries and configuration related to FIPS compliance are properly initialized and ActiveGate is running in FIPS-compliant mode.

If ActiveGate was installed in FIPS-compliant mode or a FIPS-compliant image was used, but the initialization of FIPS libraries fails or required configuration is missing, ActiveGate cancels its startup and writes the following entries to the log file:

ActiveGate FIPS mode initialization failed

Additionally, a log line describes the specific reason causing the initialization failure.

Accessing logs in host-based deployment

ActiveGate log files have the pattern dynatracegateway.0.<number>.log and can be found in the ActiveGate logs directory (see ActiveGate directories).

Accessing logs in containerized deployment

Logs from containerized ActiveGates can be retrieved using the following command:

kubectl -n <NAMESPACE> logs statefulset.apps/<DYNAKUBE_NAME>-activegate

If multiple replicas are configured, logs from a single pod are returned.

To get logs from a specific pod, use the following command:

kubectl -n <NAMESPACE> logs pod/<DYNAKUBE_NAME>-activegate-<REPLICA_NUMBER>
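The checks described above can be scripted. The following is an added example, not part of the Dynatrace documentation: it reads the kernel flag the installer checks and classifies ActiveGate log text using the two log entries quoted above. The function names, the rule that the most recent matching entry wins, and the sample log are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: FIPS verification for an ActiveGate host or pod.

# Print "enabled" if the kernel FIPS flag file contains 1, else "disabled".
# $1: flag file path (defaults to the path the installer checks).
os_fips_state() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    if [ -r "$flag_file" ] && [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Classify ActiveGate log text read from stdin: active | failed | unknown.
# Assumption: logs are chronological, so the last matching entry reflects
# the most recent startup attempt.
activegate_fips_state() {
    awk '
        /FIPS mode initialization failed/          { state = "failed" }
        /\[FipsDetector\] FIPS mode active: true/  { state = "active" }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Succeed only when the OS flag is set and the log confirms FIPS mode.
# $1: flag file path (optional); log text on stdin.
fips_check() {
    os=$(os_fips_state "$1")
    ag=$(activegate_fips_state)
    echo "os=$os activegate=$ag"
    [ "$os" = enabled ] && [ "$ag" = active ]
}

# Constructed sample input, using the log entry format shown above.
sample_log() {
    cat <<'EOF'
2025-06-10 12:16:14 UTC INFO [<tenant>] [FipsDetector] FIPS mode active: true
EOF
}

sample_log | fips_check || echo "FIPS-compliant mode not verified on this machine"
```

On a host-based deployment, pipe the dynatracegateway.0.<number>.log files into fips_check; for a containerized deployment, pipe the output of the kubectl logs command for the pod of interest into activegate_fips_state.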

Supported cipher suites