Aembit has released Agent Controller version 1.30.3384.
Agent Controller now honors HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables.
If your network routes outbound traffic through an HTTP proxy, you can configure these
environment variables so that Agent Controller routes its outbound connections through
the proxy.
For details, see Agent Controller environment variables.
Aembit has released new versions of the following components and packages:
For the latest available versions of these components, see the Edge Components Supported Versions page.
Key Updates:
Aembit has released new versions of the following components and packages:
For the latest available versions of these components, see the Edge Components Supported Versions page.
Key Updates:
Aembit has released new versions of the following components and packages:
For the latest available versions of these components, see the Edge Components Supported Versions page.
Key Updates:
Aembit has applied performance enhancements to Agent Controller in this release, including:
AEMBIT_HTTP_DISABLED environment variable (HTTP is now disabled when TLS is enabled)For the latest available versions of these components, see the Edge Components Supported Versions page.
Aembit has released the new AWS IAM Role Credential Provider Integration and Secrets Manager Credential Provider. Together, they enable you to retrieve secrets from AWS Secrets Manager directly through Aembit.
See AWS IAM Role Credential Provider Integration and AWS Secrets Manager Credential Provider to learn more.
Aembit has released the Aembit CLI, a command-line interface that allows you to inject credentials into your CI/CD pipelines. Compatible with GitLab, GitHub, and now Jenkins.
Check out the Aembit CLI Guide to get started with the Aembit CLI!
Also, see Aembit Edge on CI/CD services for more information on how to use Aembit
CLI with your CI/CD pipelines.
Aembit has released support for Jenkins Pipelines to help you integrate Aembit into your Jenkins CI/CD workflows. This integration allows you to securely retrieve and use Aembit-managed credentials directly in your Jenkins Pipelines, streamlining your CI/CD processes and enhancing security.
Check out Jenkins Pipelines to learn more about how to use Aembit with Jenkins Pipelines.
Aembit now supports Server Workloads with a wildcard hostname.
This enables you to simplify your server workloads in a flexible and well defined manner.
As of Agent Controller version 1.24.xxxx, Aembit has enhanced Agent Controller to automatically close insecure HTTP ports when you enable TLS. This update streamlines security by ensuring only encrypted connections are active.
When you enable TLS, Agent Controller now automatically:
This automation removes the manual step of closing insecure, vulnerable ports, preventing potential misconfigurations and enforcing a more secure, “secure-by-default” posture.
Aembit has applied security enhancements to Agent Controller version 1.24.2485 in this release, including:
Updated Edge Components:
Updated Edge Packages:
Helm Chart
Terraform ECS module
See Edge Components supported versions for more details.
Aembit has released a new version of Agent Controller, version 1.23.2263, with the following changes:
Enhanced TLS certificate status reporting with improved retry and error handling.
Added comprehensive logging for environment variable configuration with sensitive data masking for secure review.
Updated Edge Components:
Updated Edge Packages:
Helm Chart
VM Agent Controller package
Terraform ECS module
See Edge Components supported versions for more details.
Agent Controllers now support Allowed TLS Hostname as a configurable field in your Aembit Tenant:
Allowed TLS Hostname serves the same purpose as the
AEMBIT_MANAGED_TLS_HOSTNAME Agent Controller
environment variable.
Configuring an Allowed TLS Hostname allows you to specify which domain name Aembit Managed TLS includes in the TLS certificate. This makes sure secure connections from your Agent Proxies are only valid when using this exact domain name to reach your Agent Controller, enhancing security without restricting which Agent Proxies can communicate with it.
To configure your Agent Controller with an allowed TLS hostname, see How to create and Agent Controller or Configure Agent Controller TLS with Aembit’s PKI.
The Kerberos Trust Provider now supports the attestation of Client Workloads running on Windows Server virtual machines (VMs) joined to Active Directory (AD). See Kerberos Trust Provider for details.
You can now install Agent Controller on Windows Server 2019 and Windows Server 2022 virtual machines. See Agent Controller on Windows Server for details.
Enhanced Agent Controllers to now serve the entire CA certificate chain instead of just the leaf certificate.
Updated Edge Components:
Updated Edge Packages:
Helm Chart version
Terraform ECS module version
VM Agent Controller package
Aembit has released two new updates and improvements to Aembit components:
You may now view the real-time health status of Agent Controllers in the Aembit Tenant.
For more information on how to check the health status of Agent Controllers, please see the Tenant Health Check page.
Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.
The following components and packages have been updated:
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Aembit regularly releases updates to Aembit components and packages to improve overall performance of your environment.
The following updates have been released:
Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.
The following components and packages have been updated:
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Aembit has extended the Aembit PKI-based Agent Controller TLS functionality beyond just ECS deployment models to include Kubernetes and virtual machine deployments.
For Kubernetes deployments, if the Customer’s PKI-based Agent Controller is already configured, it will remain unchanged. Otherwise, Aembit’s PKI-based Agent Controller TLS is enabled by default.
For virtual machine deployments, you need to configure Aembit’s PKI-based Agent Controller TLS manually.
Aembit has released two major enhancements to Aembit Edge Components: Aembit Edge Terraform Module for AWS ECS, and ECS TLS support.
Aembit releases updates to the Aembit ECS Terraform Registry on a regular basis to provide users with additional features and functionality, including improvements to Agent Proxy and Agent Controller.
For more information on the latest ECS Terraform Registry release, please see the Aembit Terraform Registry page.
Aembit has released an ECS deployment enhancement that enable Transport Layer Security (TLS) between the Agent Proxy and Agent Controller using Aembit-provided Private Key Infrastructure (PKI).
There is no option to use your own PKI for ECS deployments.
An issue was identified in the Agent Controller component due to the non-rotation of the public/private key pair used for Kerberos attestation. This issue has been resolved by implementing a process by which these private/public key pairs will be automatically rotated when the certificate reaches 80% of its lifespan.
Aembit now supports secure communication between Agent Proxy and Agent Controller using Transport Layer Security (TLS) for both Kubernetes and virtual machine deployments.
For more information on how to configure TLS for Agent Controller, please refer to the Configuring TLS for Agent Controller documentation.
The Aembit Agent Controller can now be installed in high availability configurations. Because the Agent Controller is a critical Aembit Edge Component that manages Agent Proxy registration and credential acquisition for Aembit Cloud access, HA support was necessary to ensure the continuous availability of the Agent Controller.
For information on installing and configuring Agent Controller in high availability environments, please see the Agent Controller High Availability page.