This document describes new and enhanced features for AAM Dynamic Access Provider (DAP).
For release notes, see Release Notes.
Version 12.0 introduces a new authenticator that enables workloads running in Google Cloud to authenticate to DAP using the underlying Google Cloud identity and securely retrieve secrets. This eliminates the secret zero problem. The new authenticator supports the following Google Cloud services:
Google Compute Engine
Google Cloud Functions
The new GCP Authenticator is in addition to the already available AWS and Azure Authenticators, so workloads can be secured on the three major cloud providers.
For more information about the GCP Authenticator, see GCP Authenticator.
Data segregation using multiple Vault Synchronizers across hybrid and multi-cloud environments
You can now sync accounts from the same Vault to multiple DAP clusters serving hybrid and multi-cloud environments by connecting a Vault Synchronizer for each of the clusters (up to 5 DAP clusters). This enables data segregation among the different DAP environments. This can be useful for separating secrets available on-premises from those in the various clouds, or for separating secrets in testing and production environments.
The CyberArk Vault Synchronizer has been added to the list of FIPS-compliant components:
Kubernetes Authenticator Client
(New) CyberArk Vault Synchronizer