Vault private network access and CrowdStrike on Windows now available

Aembit now supports accessing HashiCorp Vault Credential Providers that reside on private networks. This allows your colocated Agent Proxy to handle authentication directly instead of Aembit Cloud. See Accessing Vault on private networks for more info.

Aembit now supports Conditional Access for CrowdStrike on Windows. To set up Conditional Access for CrowdStrike on Windows, follow the steps in Access Condition for CrowdStrike.

Aembit now supports the AWS Role Trust Provider on Agent Proxy for ECS Fargate deployments.

Enhanced Vault token header behavior.

Enhanced Agent Proxy initialization on Kubernetes to prevent other processes from interfering and impacting its startup.

Updated Edge Components:

  • Agent Proxy

Updated Edge Packages:

  • Helm Chart

  • Terraform ECS module

  • VM Agent Proxy package

  • AWS Lambda Extension

See Edge Components supported versions.

Azure Entra Workload Identity Federation and automatic user creation now available

Aembit now supports Azure Entra Workload Identity Federation as a Credential Provider. This enables you to automatically obtain credentials through Aembit as a third-party federated Identity Provider (IdP) to securely authenticate with Azure Entra to access your Azure Entra registered applications and managed identities.

Aembit now supports Automatic User Creation triggered by SSO login requests. Aembit has enhanced the Identity Provider configuration page with additional parameters, enabling you to map SAML attributes from your Identity Provider to the user roles defined in your Aembit Tenant.

You can now change the leaf certificate lifetime when using the TLS Decrypt feature.

RHEL with SELinux now supported for Edge components

Aembit Edge Components have been updated to include support for Red Hat Enterprise Linux (RHEL) 8 and 9 with Security-Enhanced Linux (SELinux). With this improvement, administrators may now add additional layers of security to their system architecture.

For more information on integrating Aembit Edge Components with SELinux, please see the SELinux support page.

Multiple match rules of the same type now supported in Terraform Provider

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

You may now use multiple Trust Provider match rules of the same type (OR-based combinations) in your Terraform Provider configuration.

For more detailed technical information on how to use similar match rule types in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

Explicit steering and enhanced access authorization events now available

Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.

The following new features and enhancements have been released:

  • Enhanced Access Authorization Events
  • Explicit Steering
  • Updated Aembit Edge Component Versions

Enhanced Access Authorization Events

Aembit automatically records and collects various types of workload metadata in access authorization events, enabling you to use this information to audit and analyze security events.

The information collected and recorded in these access authorization events has been enhanced to now capture and display additional workload metadata, including VM hostname, IP address, and process name.

For more information on access authorization events, please refer to the following technical documentation pages:

Explicit Steering

Aembit continues to look for ways to improve the overall user experience in an Aembit environment, while also providing additional functionality and features that enhance this experience. One of these ways is by enabling you to route only specific types of traffic through Aembit, via the explicit steering feature.

With explicit steering, you can now configure Client Workloads to direct only certain types of traffic to the Agent Proxy. This enables you to have more precise control of which traffic is managed by the Agent Proxy.

For more information on the explicit steering feature, please refer to the Explicit Steering page.

Aembit Edge Components Update

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Agent Controller
  • Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

GitLab Jobs now supported in the Aembit Terraform Provider

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

Aembit now supports both GitLab Job Client Identifiers and GitLab Job Trust Provider types, enabling you to manage Client Workloads in GitLab using the Aembit Terraform Provider.

For more detailed technical information on how to manage Client Workloads in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

Multi-Credential Provider Terraform support and Prometheus metrics now available

Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.

The following four new major features have been released:

  • Terraform Provider support for Access Policies with Multiple Credential Providers
  • Admin Dashboard enhancements and improvements
  • Exposure of Prometheus-compatible Aembit Edge metrics
  • Updated Edge Component Versions

Terraform Provider Support for Access Policies with Multiple Credential Providers

Aembit has released a Terraform Provider update that enables users to add multiple Credential Providers to an Access Policy.

Aembit now supports use cases where the Aembit Terraform Provider can manage Aembit Access Policies associated with individual or multiple Credential Providers.

For more information about this feature, please see the Multiple Credential Providers - Terraform page.

Admin Dashboard Enhancements and Improvements

Aembit continually makes improvements and enhancements to the Admin Dashboard to provide greater visibility and insight into your Aembit environment.

The Admin Dashboard has been updated and enhanced with additional tiles and panels that provide detailed information on Client and Server Workloads, Credential Usage by Type, the number of Access Condition failures based on Access Policies over the past 24 hours, and several other visualizations.

For more information on the Admin Dashboard and these additional panels, please see the Admin Dashboard Overview page.

Exposure of Prometheus-compatible Aembit Edge Metrics

Aembit aims to provide users with the ability to view detailed Aembit Edge metrics and data.

Aembit now exposes Prometheus-compatible metrics, which enable users to view and troubleshoot Aembit Edge Components (Agent Proxy, Agent Controller, and Agent Injector), while supporting both Kubernetes and virtual machine deployment models.

For more detailed information on how Aembit exposes Prometheus-compatible metrics, please see the Aembit Edge Prometheus-compatible Metrics page.

Aembit Edge Components Update

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • AWS Lambda Extension
  • VM Artifacts
  • Agent Controller
  • Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Improved access authorization events and audit logging

Aembit has released improvements to its reporting and logging/auditing capabilities, giving you improved visibility into access authorization events and audit logs. With these enhancements, you can more easily diagnose issues and troubleshoot problems in your environment.

Improved Access Authorization Events and Audit Logging

Improvements have been made to the Aembit Tenant’s reporting capabilities and reporting documentation, enabling increased visibility into access authorization events and audit logs. The Aembit technical documentation has also been augmented to assist with using these capabilities.

For more information on these access authorization event and audit log improvements, please see the following pages:

Real-time Agent Controller health monitoring now available

Aembit has released two new updates and improvements to Aembit components:

  • Agent Controller functionality has been enhanced to enable real-time monitoring and status of Agent Controllers in the Aembit Tenant.
  • Aembit Edge Components and packages have been updated to the latest versions.

Agent Controller Real-Time Health Status and Health Update

You may now view the real-time health status of Agent Controllers in the Aembit Tenant.

For more information on how to check the health status of Agent Controllers, please see the Tenant Health Check page.

Edge Components Update

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • Agent Controller

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Custom Resource Sets now supported for GitHub Actions and GitLab Jobs

Aembit regularly provides feature and functionality updates to various components to extend capabilities and performance.

Aembit has released a feature improvement that enables you to work with Custom Resource Sets in GitHub Actions and GitLab Jobs CI/CD pipelines.

Custom Resource Set Support for GitHub Actions and GitLab Jobs

For users that would like to implement a CI/CD pipeline solution using Aembit with a custom Resource Set, separate from other workloads, Aembit has introduced Resource Set support for both GitHub Actions and GitLab Jobs.

Aembit supports Workload Identity and Access with GitHub Actions or GitLab Jobs in your CI/CD workloads, and encourages scoping these for appropriate access control. Adding support for Resource Sets in these solutions provides you with additional options and flexibility in best managing and protecting your CI/CD workloads.

For more information on how to configure Resource Sets in GitHub Actions and GitLab Jobs, please see the following pages:

Aembit PKI Agent Controller TLS now available for Kubernetes and virtual machines

Aembit regularly releases updates to Aembit components and packages to improve overall performance of your environment.

The following updates have been released:

  • Aembit Edge Component Updates
  • Agent Controller PKI-Based TLS Support for Kubernetes and virtual machines

Aembit Edge Component Updates

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • AWS Lambda Extension

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Agent Controller PKI-Based TLS Support for Kubernetes and virtual machine Deployments

Aembit has extended the Aembit PKI-based Agent Controller TLS functionality beyond just ECS deployment models to include Kubernetes and virtual machine deployments.

  • For Kubernetes deployments, if the Customer’s PKI-based Agent Controller is already configured, it will remain unchanged. Otherwise, Aembit’s PKI-based Agent Controller TLS is enabled by default.

  • For virtual machine deployments, you need to configure Aembit’s PKI-based Agent Controller TLS manually.

Edge components release with Agent Proxy idle timeout fix

Aembit Edge Components are updated on a regular basis to include new features, functionality, and package improvements.

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • AWS Lambda
  • Agent Proxy

Agent Proxy has been updated to address a specific issue related to idle timeouts for HTTP persistent connections (currently 1 hour). If no new request arrives over a connection within that idle timeout, Agent Proxy closes the connection.

For the latest available versions of these components, please see the Edge Components Supported Versions page.