This document describes new and enhanced features for Conjur Secrets Manager Enterprise version 13.1.
Conjur Enterprise enables data sovereignty support for all Conjur Follower types
We have expanded our data sovereignty capabilities to support all types of Conjur Followers, including Conjur Kubernetes Followers and appliance-based Conjur Followers. You can now control how your secrets are segregated per Follower, which keeps to the "least privilege" principle and reduces the attack surface in remote environments. You do this by specifying which data to replicate to which Follower, based on the needs of each Follower.
Enhanced FIPS compliance support
We have enhanced our FIPS compliance coverage to include Conjur components as well as third-party components included in Conjur. In addition, you can now view, disable, and enable FIPS mode for your Conjur cluster.
For more information, see FIPS compliance.
OIDC authenticator supports custom CA certificates
The OIDC authenticator in Conjur now supports CA certificate configuration. You can define a custom CA certificate or a certificate chain in the OIDC authenticator's policy to verify the connection with the OIDC provider.
For more information, see OpenID Connect (OIDC) Authenticator.
IAM authenticator supports AWS regional Security Token Service (STS)
We have expanded the IAM authenticator to support AWS regional STS, in addition to supporting the default global STS endpoint (sts.amazonaws.com). The IAM authenticator now validates the AWS token against the STS that generated the token.
For more information, see AWS IAM Authenticator.
Enhanced CyberArk Vault Synchronizer
You can now configure multiple CyberArk Vault Synchronizer instances to synchronize different Safes within a single Vault and a single Conjur cluster.
In addition, CyberArk Vault Synchronizer now supports communication through a proxy, and can be configured to use a proxy when communicating with CyberArk Vault and with Conjur clusters.
For more information, see CyberArk Vault Synchronizer.