DOCS-426: document hybrid PQC coverage for SaaS and Gateway

[harrison-akeyless]

Summary

• updates Gateway TLS docs to distinguish default SaaS hybrid PQC behavior from Gateway endpoint configuration requirements
• updates Docker guidance to keep MIN_TLS_VERSION=TLSv1.3 and GODEBUG=tlsmlkem=1 together for Gateway endpoint hybrid PQC enablement
• adds a dedicated PQC Support Reference page with TLS profile, algorithm details, coverage matrix, and verification guidance
• adds navigation links for the new reference page under Configure Gateway

Validation

• markdownlint-cli2 --fix (edited files only): pass
• markdownlint-cli2 verify (edited files only): pass
• cspell (edited files only): pass
• lychee (edited files only): expected pre-publish 404 on https://docs.akeyless.io/docs/gateway-pqc-support-reference

Tracking

• Jira: DOCS-426

Summary by CodeRabbit

• Documentation

  • Added comprehensive post-quantum cryptography (PQC) support guide with hybrid TLS 1.3 configuration, verification instructions, and troubleshooting
  • Updated deployment documentation with clarified PQC behavior and setup requirements

• Improvements

  • Simplified PQC configuration—removed unnecessary environment variable requirements
  • Clarified enablement differences between SaaS and Gateway deployments

[EldadH89]

@harrison-akeyless the GODEBUG is not related if I understand correctly, it still referencing this . @deanshak LUK WDYT

[EldadH89]

need to remove all GODEBUG staff

[coderabbitai]

Warning

Rate limit exceeded

@harrison-akeyless has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 25 minutes and 4 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 567fec4e-14fc-45c1-bec8-500cafae2b0c

📥 Commits

Reviewing files that changed from the base of the PR and between 93d2a5e and 16ea255.

📒 Files selected for processing (3)

• .pre-commit-config.yaml
• docs/Akeyless Gateway/configure-gateway/gateway-pqc-support-reference.md
• docs/Akeyless Gateway/configure-gateway/gateway-tls-settings.md

📝 Walkthrough

Walkthrough

This PR adds comprehensive post-quantum cryptography (PQC) support documentation for Akeyless Gateway's hybrid TLS 1.3 configuration, updates deployment guides to reflect simplified setup (TLS 1.3 only, no Go flags), and standardizes terminology formatting across the documentation set.

Changes

Post-Quantum Cryptography Support Documentation

Layer / File(s)	Summary
PQC Support Reference Documentation docs/Akeyless Gateway/configure-gateway/gateway-pqc-support-reference.md	New comprehensive guide documenting hybrid X25519MLKEM768 key exchange, coverage matrix distinguishing SaaS default behavior from Gateway configuration requirements, TLS 1.3 setup steps, client compatibility expectations, and verification/troubleshooting guidance for browsers and OpenSSL.
Configuration & Deployment Integration docs/Akeyless Gateway/configure-gateway/_order.yaml, docs/Akeyless Gateway/configure-gateway/index.md, docs/Akeyless Gateway/configure-gateway/gateway-tls-settings.md, docs/Akeyless Gateway/deploy-gateway/gateway-deploy-kubernetes-helm/gateway-kubernetes-helm-values-reference.md, docs/Akeyless Gateway/deploy-gateway/gateway-deploy-standalone-docker/gateway-docker-advanced-configuration.md, docs/Getting Started/dfc-overview/dfc-deep-dive.md	Document discovery ordering, configuration index link, TLS settings clarification (SaaS enables PQC by default; Gateway requires MIN_TLS_VERSION=TLSv1.3), Kubernetes Helm values using TLSConf settings, Docker environment configuration, and Getting Started references updated to use consistent ML-KEM 768 spacing.
ML-KEM Terminology Standardization .github/markdownlint/.markdownlint-cli2.yaml	Markdownlint AKY017 rule extended with three term mappings (MLKEM-768, ML-KEM768, ML-KEM-768) to normalize all variants to canonical ML-KEM 768 format.

Gitleaks Security Configuration

Layer / File(s)	Summary
Gitleaks Allowlist Configuration .gitleaks.toml	Allowlist exempting .github/LEAK_RESPONSE.md and .github/markdownlint/custom-rules.js from credential scanning to suppress false positives in documentation examples.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• Avi-Akeyless

Poem

🐰 Quantum leaps and cryptographic dreams,
X25519 and ML-KEM 768 streams,
Gateway configured, PQC now clear,
Hybrid TLS 1.3 is finally here!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title directly and accurately summarizes the main objective of the changeset: documenting hybrid PQC (post-quantum cryptography) coverage for both SaaS and Gateway endpoints.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v1.0_docs-426-pqc-hybrid-tls

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}