What's new
This document describes new and enhanced features for Conjur Secrets Manager Enterprise (Conjur Enterprise) version 13.0.
For release notes, see Release Notes.
Conjur Enterprise enables data sovereignty for Conjur Followers
You can now control how to segregate your secrets, keeping to the "least privilege" principle and reducing the attack surface in remote environments. You do this by specifying which data to replicate to which Conjur Follower, based on the needs of the workloads that each Follower is serving.
For more information, see Segregate secrets per Follower.
This feature doesn't support the Conjur - Kubernetes integration.
Central Policy Manager (CPM) can manage password rotation policy for Conjur hosts and Conjur users
CPM has new Conjur Enterprise plugins that support the Conjur Keys and Conjur Passwords target platforms. You can use these plugins to manage password rotation for Conjur hosts and Conjur users.
For more information, see Conjur Password plugin in the Privileged Access Manager - Self-Hosted documentation.
Improved the way secrets are consumed by CyberArk Vault Synchronizer
We have vastly improved the frequency at which new and modified secrets are updated from the CyberArk Vault / Privilege Cloud by reducing the default synchronization interval to 1 minute.
For more information, see Synchronizer flow with CyberArk Vault and Synchronizer flow with Privilege Cloud.
Log in to Conjur using any IdP that supports OIDC
We continue to enhance the product experience by enabling organizations that require single sign-on (SSO) to log in to Conjur Enterprise (UI, CLI, and API) using their existing identity provider (IdP) implementation.
You can now authenticate to Conjur Enterprise using any identity provider (IdP) supporting OIDC.
For more information, see OIDC Authenticator for Conjur UI and Conjur CLI authentication.
Secrets Provider for Kubernetes supports encoded secret values
Client applications running in Kubernetes can now consume binary secrets using the Secrets Provider for Kubernetes (Secrets Provider).
The Secrets Provider enables decoding a secret's value before storing the data in Kubernetes for workload consumption.
For more information, see Decode Base64-encoded secrets in the following topics:
- Secrets Provider - init container/sidecar - Kubernetes Secrets mode (cert-based)
- Secrets Provider - init container/sidecar - Push-to-File mode (cert-based)
- Secrets Provider - init container/sidecar - Kubernetes Secrets mode (JWT)
- Secrets Provider - init container/sidecar - Push-to-File mode (JWT)
Support for OpenShift 4.12 and Kubernetes 1.25
All Conjur Enterprise v13.0 components and configurations now support OpenShift v4.12 and Kubernetes 1.25.
For more information, see Supported Kubernetes-based environments.