Changelog — Trust Provider

Discovery filtering and OIDC ID Token Trust Provider now available

July 22, 2025

Aembit has added more advanced filtering options to the Discovered tab for Client and Server Workloads. This enables you to find specific discovered workloads based on the criteria you filter.

See Filtering Discovered Workloads for more info.

---

Aembit has added the OIDC ID Token Trust Provider. This Trust Provider is Aembit’s solution for authenticating workloads using standard OIDC ID tokens. It validates incoming tokens against specific issuer, audience, and subject claims, giving you maximum flexibility to integrate with virtually any OIDC-compliant identity provider for secure, token-based workload access.

See OIDC ID Token Trust Provider for more info.

---

Aembit has applied security and performance enhancements to Agent Proxy version 1.24.3324 in this release.

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• Terraform ECS module

• AWS Lambda Extension

See Edge Components supported versions for more details.

Tags:

• Enhancement
• Discovery
• Trust Provider
• Agent Proxy

Windows Server now supported for Kerberos Trust Provider and Agent Controller

April 3, 2025

The Kerberos Trust Provider now supports the attestation of Client Workloads running on Windows Server virtual machines (VMs) joined to Active Directory (AD). See Kerberos Trust Provider for details.

You can now install Agent Controller on Windows Server 2019 and Windows Server 2022 virtual machines. See Agent Controller on Windows Server for details.

Tags:

• Enhancement
• Trust Provider
• Agent Controller

Vault private network access and CrowdStrike on Windows now available

February 20, 2025

Aembit now supports accessing HashiCorp Vault Credential Providers that reside on private networks. This allows your colocated Agent Proxy to handle authentication directly instead of Aembit Cloud. See Accessing Vault on private networks for more info.

Aembit now supports Conditional Access for CrowdStrike on Windows. To set up Conditional Access for CrowdStrike on Windows, follow the steps in Access Condition for CrowdStrike.

Aembit now supports the AWS Role Trust Provider on Agent Proxy for ECS Fargate deployments.

Enhanced Vault token header behavior.

Enhanced Agent Proxy initialization on Kubernetes to prevent other processes from interfering and impacting its startup.

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• Terraform ECS module

• VM Agent Proxy package

• AWS Lambda Extension

See Edge Components supported versions.

Tags:

• Enhancement
• Credential Provider
• Trust Provider
• Agent Proxy
• Access Policy

Multiple match rules of the same type now supported in Terraform Provider

October 25, 2024

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

You may now use multiple Trust Provider match rules of the same type (OR-based combinations) in your Terraform Provider configuration.

For more detailed technical information on how to use similar match rule types in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

Tags:

• Enhancement
• Trust Provider

GitLab Jobs now supported in the Aembit Terraform Provider

October 18, 2024

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

Aembit now supports both GitLab Job Client Identifiers and GitLab Job Trust Provider types, enabling you to manage Client Workloads in Gitlab using the Aembit Terraform Provider.

For more detailed technical information on how to manage Client Workloads in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

Tags:

• Enhancement
• Trust Provider
• Client Workloads

Expanded Client Workload identification and Trust Provider match rules

June 26, 2024

Aembit now supports more options for identifying Client Workloads and specifying Trust Provider match rules, including multiple “or” condition matches and wildcard support.

These matching improvements shipped alongside the new OAuth 2.0 Authorization Code Credential Provider; see that entry for the new-feature details.

Tags:

• Enhancement
• Client Workloads
• Trust Provider

AWS Role Trust Provider now available

June 4, 2024

Aembit has released an update to support AWS Role-Based Trust Providers.

The ability to create and use different types of Trust Providers in your Aembit environment enables you to have flexibility in how resources are managed. With this enhancement, you now have an additional option when selecting a Trust Provider.

For more information on AWS Role-Based Trust Providers, please see the AWS Role Trust Provider page.

Tags:

• New Feature
• Trust Provider

Kerberos Trust Provider now available for Active Directory

March 12, 2024

Aembit has released a Kerberos Trust Provider that enables the attestation of Client Workloads running in virtual machine environments joined to Active Directory. This attestation method is specifically designed for on-premise deployments where alternative attestation methods, such as AWS or Azure metadata service trust providers, are not available.

For more detailed information on this Kerberos Trust Provider, please refer to the Kerberos Trust Provider technical documentation.

Tags:

• New Feature
• Trust Provider