What's New

This document describes new and enhanced features for AAM Dynamic Access Provider (DAP).


For release notes, see Release Notes.

GCP Authenticator

Version 12.0 introduces a new authenticator that enables workloads running in Google Cloud to authenticate to DAP using the underlying Google Cloud identity and securely retrieve secrets. This eliminates the secret zero problem. The new authenticator supports the following Google Cloud services:

  • Google Compute Engine

  • Google Cloud Functions

    The new GCP Authenticator comes in addition to already available AWS and Azure Authenticators to secure workloads on the three major cloud providers.

For more information about the GCP Authenticator, see GCP Authenticator.

Data segregation using multiple Vault Synchronizers to various hybrid and multi-cloud environments

You can now sync accounts from the same Vault to multiple DAP clusters serving hybrid and multi-cloud environments by connecting a Vault Synchronizer for each of the clusters (up to 5 DAP clusters). This enables data segregation among the different DAP environments. This could be useful for separating secrets available on-premise and in the various clouds, or separating secrets in testing and production environments.

FIPS compliance

The CyberArk Vault Synchronizer has been added to the list of FIPS compliant components:

  • DAP Server

  • Kubernetes Authenticator Client

  • (New) CyberArk Vault Synchronizer