Aembit Secrets Operator now available

Aembit Secrets Operator 1.31.298 is now available.

Secrets Operator is a Kubernetes operator that authenticates to the Aembit platform and synchronizes credentials into Kubernetes Secrets. Applications consume managed secrets the same way they consume any other Kubernetes Secret.

Key capabilities in this release:

  • Kubernetes Service Account authentication: Authenticate using the operator’s in-cluster ServiceAccount token, validated against the cluster’s OIDC endpoint. No per-cluster signing key required. Verified on Amazon EKS and K3s. See Set up Secrets Operator for configuration.
  • OIDC symmetric key authentication: Alternatively, authenticate using OIDC tokens with symmetric key signing (HS256) for custom claims and non-Kubernetes identity scenarios.
  • Proactive credential renewal: Credentials refresh at 80% of their TTL, or sooner when you configure a shorter refreshInterval, ensuring applications always have a valid credential.
  • Multi-namespace install: You can now use the same Helm release name across multiple namespaces on the same cluster without resource name conflicts.