Aembit Docs

Oracle Database support enters beta with new process-based identifiers

February 26, 2026

Aembit has released new versions of the following components and packages:

Helm Chart
VM Agent Proxy package
VM Agent Controller package
AWS Lambda Extension
AWS Lambda Layer
Agent Injector
Agent Proxy
Agent Controller

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

Oracle Database protocol support (Limited Beta)
Support Process Command Line and Process Path client workload identification

Aembit’s Agent Proxy now supports the Oracle Database application protocol in Limited Beta. This enables Aembit to manage access for client workloads connecting to Oracle databases by intercepting the TNS wire protocol and injecting credentials transparently.

Key capabilities:

Username/password credential injection for Oracle 19c and 21c databases (12C password verifier only)
Support for thin Oracle clients (Java, Python), with experimental thick client support
Tested with AWS RDS for Oracle and containerized Oracle environments
Transparent steering on Linux VM deployments

For setup instructions, see the Oracle Database Server Workload guide. For an overview of how Oracle protocol support works, see About Oracle Databases.

Aembit’s Agent Proxy now supports Process Command Line and Process Path as Client Workload identifiers. These identifiers allow you to identify client workloads based on their full command line or executable path, providing more granular control over which applications can access your protected resources.

Key capabilities:

Process Command Line: Identify workloads by the full command used to start them, including arguments. Supports wildcard matching to target specific arguments (for example, *--env production*).
Process Path: Identify workloads by the exact filesystem path of the executable.
Combine with other identifiers like Process Name and Process User Name for precise matching.
Supports Linux virtual machine deployments.

For configuration details, see Process Command Line and Process Path.

Tags:

Earlier Client Workload identification in AWS Lambda Extension

November 22, 2024

Aembit has released an updated AWS Lambda Extension, enhancing support for Client Workload identification earlier in the Lambda container lifecycle.

For more information, please refer to the AWS Lambda Container Supported Phases.

Tags:

GitLab Jobs now supported in the Aembit Terraform Provider

October 18, 2024

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

Aembit now supports both GitLab Job Client Identifiers and GitLab Job Trust Provider types, enabling you to manage Client Workloads in Gitlab using the Aembit Terraform Provider.

For more detailed technical information on how to manage Client Workloads in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

Tags:

Custom Resource Sets now supported for GitHub Actions and GitLab Jobs

September 18, 2024

Aembit regularly provides feature and functionality updates to various components to extend capabilities and performance.

Aembit has released a feature improvement that enables you to work with Custom Resource Sets in GitHub Actions and GitLab Jobs CI/CD pipelines.

Custom Resource Set Support for GitHub Actions and GitLab Jobs

For users that would like to implement a CI/CD pipeline solution using Aembit with a custom Resource Set, separate from other workloads, Aembit has introduced Resource Set support for both GitHub Actions and GitLab Jobs.

Aembit supports Workload Identity and Access with GitHub Actions or GitLab Jobs, in your CI/CD workloads and encourages scoping these for appropriate access control. Adding support for Resource Sets in these solutions provides you with additional options and flexibility in best managing and protecting your CI/CD workloads.

For more information on how to configure Resource Sets in GitHub Actions and GitLab Jobs, please see the following pages:

Tags:

Expanded Client Workload identification and Trust Provider match rules

June 26, 2024

Aembit now supports more options for identifying Client Workloads and specifying Trust Provider match rules, including multiple “or” condition matches and wildcard support.

These matching improvements shipped alongside the new OAuth 2.0 Authorization Code Credential Provider; see that entry for the new-feature details.

Tags:

Access Authorization Events and Google Cloud Run Jobs support now available

January 16, 2024

Support for Access Authorization Events

Aembit has now enabled support for Access Authorization Events. Access Authorization Events enable customers to observe credential requests.

Support for Google CloudRun Jobs as Client Workloads

Aembit supports Google CloudRun Jobs as Client Workloads. With this support, you can now:

authenticate to the Aembit IdP using Attestation with the GCP Cloud Run Job Identity
request and retrieve a secret from GCP Secret Manager

Tags: