What's new

This document describes new and enhanced features for Conjur Secrets Manager Enterprise version 13.1.

Conjur Enterprise enables data sovereignty support for all Conjur Follower types

We have expanded our data sovereignty capabilities to support all types of Conjur Followers including Conjur Kubernetes Followers and appliance-based Conjur Followers. You can now control how to segregate your secrets per Follower, keeping to the "least privilege" principle and reducing the attack surface in remote environments. You do this by specifying which data to replicate to which Follower, based on the needs of each Follower.

For more information, see Segregate secrets per Follower and Set up Follower.

Enhanced FIPS compliance support

We have enhanced our FIPS compliance coverage to include Conjur components as well as third-party components included in Conjur. In addition, you can now view, disable, and enable FIPS mode for your Conjur cluster.

For more information, see FIPS compliance.

IAM authenticator supports AWS regional Security Token Service (STS)

We have expanded the IAM authenticator to support AWS regional STS, in addition to supporting the default global STS endpoint (sts.amazonaws.com). The IAM authenticator now validates the AWS token against the STS that generated the token.

For more information, see AWS IAM Authenticator.

Enhanced CyberArk Vault Synchronizer

You can now configure multiple CyberArk Vault Synchronizer instances to synchronize different Safes within a single Vault and a single Conjur cluster.

In addition, CyberArk Vault Synchronizer now supports communication via proxy and can be configured for proxy communication with CyberArk Vault and Conjur clusters.

For more information, see CyberArk Vault Synchronizer.