Aembit changelog

Aembit frequently releases new features and updates to improve overall usability and functionality. This page lists each of these updates, with a brief description of what has changed, what you may need to do to use the feature updates, and a link to the Aembit technical documentation where you can go to read more detailed technical documentation for the feature.

April 25, 2025

Aembit has released the new Discovery feature, which automatically identifies workloads across your infrastructure, increasing the visibility, scalability, and access control over your workloads.

Discovery uses Sources to find workloads in your environments—natively through Aembit Edge Discovery and through integrations with services such as Wiz.

See Discovery for full details.

April 24, 2025

Aembit now supports deploying Edge Components on AWS Elastic Kubernetes Service (EKS) using Fargate compute profiles. For details on feature support in this environment, please refer to Aembit’s AWS EKS Fargate deployment guide and product support matrix.

April 22, 2025

For the GitLab Managed Service Account Credential Provider, you can now specify the name of the service account that Aembit creates in GitLab for that Credential Provider.

Additionally, you can now create GitLab Service Account integrations for GitLab.com plans. See Create a GitLab Service Account Integration for a GitLab.com plan

April 21, 2025

Aembit has added the AEMBIT_PASS_THROUGH_TRAFFIC_BEFORE_REGISTRATION Agent Proxy environment variable to enable you to delay the Client Workload Kubernetes pod startup until registration between Agent Proxy and Agent Controller completes. See Delaying pod startup until Agent Proxy has registered for details.

---

Aembit has applied security enhancements and hardening to Agent Proxy in this release.

---

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• VM Agent Proxy package

• Terraform ECS module

• AWS Lambda Extension

See Edge Components supported versions for more details.

April 15, 2025

Agent Controllers now support Allowed TLS Hostname as a configurable field in your Aembit Tenant:

Allowed TLS Hostname serves the same purpose as the AEMBIT_MANAGED_TLS_HOSTNAME Agent Controller environment variable.

Configuring an Allowed TLS Hostname allows you to specify which domain name Aembit Managed TLS includes in the TLS certificate. This makes sure secure connections from your Agent Proxies are only valid when using this exact domain name to reach your Agent Controller, enhancing security without restricting which Agent Proxies can communicate with it.

To configure your Agent Controller with an allowed TLS hostname, see How to create and Agent Controller or Configure Agent Controller TLS with Aembit’s PKI.

April 03, 2025

The Kerberos Trust Provider now supports the attestation of Client Workloads running on Windows Server virtual machines (VMs) joined to Active Directory (AD). See Kerberos Trust Provider for details.

You can now install Agent Controller on Windows Server 2019 and Windows Server 2022 virtual machines. See Agent Controller on Windows Server for details.

March 25, 2025

Introducing Standalone CAs for more granular control over TLS Decrypt management. This feature allows you to create and manage dedicated Certificate Authorities (CAs) that function independently from Aembit’s default Tenant-level certificates.

With Standalone CAs, you can assign CAs directly to specific Client Workloads or Resource Sets, creating isolated trust boundaries and enabling precise management of TLS traffic across different environments. Aembit intelligently selects the appropriate CA using a clear hierarchy: Client Workload level -> Resource Set level -> Tenant level.

To learn more about Standalone CAs, see About Standalone CA for TLS Decrypt.

---

We’ve updated the Deploy Edge Components experience in the Aembit admin UI to streamline how you deploy Aembit Edge Components.

We’ve added deployment guides directly in the Aembit admin UI for each type of deployment such as Kubernetes, Ubuntu Linux, Red Hat Enterprise Linux, or Microsoft. Now when you’re deploying new Aembit Edge Components, you’ll have a guided experience to get you up and running faster.

---

Introducing Credential Provider Integrations, which automate credential lifecycle management for third-party systems. This feature makes sure your workloads always have valid credentials without manual management, enhancing both security and operational efficiency, eliminating manual credential management.

Our new Credential Provider Integrations feature makes this possible by connecting Aembit directly to third-party systems like with the GitLab Service Account integration. The GitLab Service Account integration enables you to create a Managed GitLab Account Credential Provider, which allows you to manage the credential lifecycle of your GitLab service accounts.

This gives you fine-grained control while eliminating the overhead of manual credential management.

March 5, 2025

The Aembit Credential Provider for AWS Security Token Service (STS) now supports the AWS SigV4 and SigV4a request signing protocols. Aembit automatically signs requests to AWS services using SigV4 for regional services or SigV4a for global/multi-region services.

See How Aembit uses AWS SigV4 and SigV4a to learn more and AWS Security Token Service (STS) Federation to configure an AWS STS Credential Provider.

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• VM Agent Proxy package

• Terraform ECS module

• AWS Lambda Extension

See Edge Components supported versions.

March 3, 2025

Restored Agent Proxy termination behavior when you set AEMBIT_SIGTERM_STRATEGY to immediate.

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• VM Agent Proxy package

• AWS Lambda Extension

See Edge Components supported versions.

February 27, 2025

Enhanced Agent Controllers to now serve the entire CA certificate chain instead of just the leaf certificate.

Updated Edge Components:

• Agent Controller

Updated Edge Packages:

• Helm Chart version

• Terraform ECS module version

• VM Agent Controller package

See Edge Components supported versions.

February 25, 2025

Aembit’s Access Condition integration with Wiz now supports Lambda Containers. See Access Condition for Wiz to configure an Access Condition.

February 20, 2025

Aembit now supports accessing HashiCorp Vault Credential Providers that reside on private networks. This allows your colocated Agent Proxy to handle authentication directly instead of Aembit Cloud. See Accessing Vault on private networks for more info.

Aembit now supports Conditional Access for CrowdStrike on Windows. To set up Conditional Access for CrowdStrike on Windows, follow the steps in Access Condition for CrowdStrike.

Aembit now supports the AWS Role Trust Provider on Agent Proxy for ECS Fargate deployments.

Enhanced Vault token header behavior.

Enhanced Agent Proxy initialization on Kubernetes to prevent other processes from interfering and impacting its startup.

Updated Edge Components:

• Agent Proxy

Updated Edge Packages:

• Helm Chart

• Terraform ECS module

• VM Agent Proxy package

• AWS Lambda Extension

See Edge Components supported versions.

February 11, 2025

Aembit now supportsAzure Entra Workload Identity Federation as a Credential Provider. This enables you to automatically obtain credentials through Aembit as a third-party federated Identity Provider (IdP) to securely authenticate with Azure Entra to access your Azure Entra registered applications and managed identities.

Aembit now supports Automatic User Creation triggered by SSO login requests. Aembit has enhanced the Identity Provider configuration page with additional parameters, enabling you to map SAML attributes from your Identity Provider to the user roles defined in your Aembit tenant.

You can now change the leaf certificate lifetime when using the TLS Decrypt feature.

January 28, 2025

Aembit Agent Proxy supports virtual machine deployments for Windows Server 2019 and Windows Server 2022. See Agent Proxy install for details.

December 26, 2024

Aembit Edge components have been updated to include support for RedHat Enterprise Linux (RHEL) 8 and 9 with Security-Enhanced Linux (SELinux). With this improvement, administrators may now add additional layers of security to their system architecture.

For more information on integrating Aembit Edge components with SELinux, please see the SELinux support page.

December 17, 2024

Aembit has added support for defining a SignOn Policy, enabling you to customize the login experience for your users.

For more information, please see the SignOn Policy page.

November 22, 2024

Aembit has released an updated AWS Lambda Extension, enhancing support for Client Workload identification earlier in the Lambda container lifecycle.

For more information, please refer to the AWS Lambda Container Supported Phases.

November 14, 2024

Aembit has released a new, pre-packaged deployment model that enables you to use a Virtual Appliance configuration and setup for deploying Aembit Edge Components in your environment. This virtual appliance image includes both Agent Controller and Agent Proxy bundled together in a single OVA file.

For more detailed information on how to deploy the Aembit Virtual Appliance, please see the Virtual Appliance technical documentation.

October 29, 2024

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

• Helm Chart
• Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

October 28, 2024

Agent Proxy has been updated to include a new environment variable that enables Agent Proxy to monitor network traffic so you can perform detailed debugging if you encounter network traffic errors.

For more detailed information on this feature, please see the Agent Proxy Debug Network Tracing page.

October 25, 2024

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

You may now use multiple Trust Provider match rules of the same type (OR-based combinations) in your Terraform Provider configuration.

For more detailed technical information on how to use similar match rule types in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

October 23, 2024

Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.

The following new features and enhancements have been released:

• Enhanced Access Authorization Events
• Explicit Steering
• Updated Aembit Edge Component Versions

Enhanced Access Authorization Events

Aembit automatically records and collects various types of workload metadata in access authorization events, enabling you to use this information to audit and analyze security events.

The information collected and recorded in these access authorization events has been enhanced to now capture and display additional workload metadata, including VM hostname, IP address, and process name.

For more information on access authorization events, please refer to the following technical documentation pages:

• Access Authorization Events

Explicit Steering

Aembit continues to look for ways to improve the overall user experience in an Aembit environment, while also providing additional functionality and features that enhance this experience. One of these ways is by enabling you to route only specific types of traffic through Aembit, via the explicit steering feature.

With explicit steering, you can now configure Client Workloads to direct only certain types of traffic to the Agent Proxy. This enables you to have more precise control of which traffic is managed by the Agent Proxy.

For more information on the explicit steering feature, please refer to the Explicit Steering page.

Aembit Edge Components Update

Aembit Edge components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

• Helm Chart
• Agent Controller
• Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

October 18, 2024

The Aembit Terraform Provider is regularly updated with new features and capabilities to give you additional configuration options.

Aembit now supports both GitLab Job Client Identifiers and GitLab Job Trust Provider types, enabling you to manage Client Workloads in Gitlab using the Aembit Terraform Provider.

For more detailed technical information on how to manage Client Workloads in GitLab using the Aembit Terraform Provider, please see the Aembit Terraform Provider Registry technical documentation.

October 8, 2024

Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.

The following four new major features have been released:

• Terraform Provider support for Access Policies with Multiple Credential Providers
• Admin Dashboard enhancements and improvements
• Exposure of Prometheus-compatible Aembit Edge metrics
• Updated Edge Component Versions

Terraform Provider Support for Access Policies with Multiple Credential Providers

Aembit has released a Terraform Provider update that enables users to add multiple Credential Providers to an Access Policy.

Aembit now supports use cases where the Aembit Terraform Provider can manage Aembit Access Policies associated with individual or multiple Credential Providers.

For more information about this feature, please see the Multiple Credential Providers - Terraform page.

Admin Dashboard Enhancements and Improvements

Aembit continually makes improvements and enhancements to the Admin Dashboard to provide greater visibility and insight into your Aembit environment.

The Admin Dashboard has been updated and enhanced with additional tiles and panels that provide detailed information on Client and Server Workloads, Credential Usage by Type, the number of Access Condition failures based on Access Policies over the past 24 hours, and several other visualizations.

For more information on the Admin Dashboard and these additional panels, please see the Admin Dashboard Overview page.

Exposure of Prometheus-compatible Aembit Edge Metrics

Aembit aims to provides users with the ability to view detailed Aembit Edge metrics and data.

Aembit now exposes Prometheus-compatible metrics which enables users to view, and troubleshoot Aembit Edge components (Agent Proxy, Agent Controller, and Agent Injector), while supporting both Kubernetes and virtual machine deployment models.

For more detailed information on how Aembit exposes Prometheus-compatible metrics, please see the Aembit Edge Prometheus-compatible Metrics page.

Aembit Edge Components Update

Aembit Edge components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

• Helm Chart
• Terraform ECS Module
• AWS Lambda Extension
• VM Artifacts
• Agent Controller
• Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

October 1, 2024

Aembit has released improvements to its reporting and logging/auditing capabilities, giving you improved visibility into access authorization events and audit logs. With these enhancements, you can more easily diagnose issues and troubleshoot problems in your environment.

Improved Access Authorization Events and Audit Logging

Improvements have been made to the Aembit tenant’s reporting capabilities and reporting documentation, enabling increased visibility into access authorization events and audit logs. The Aembit technical documentation has also been augmented to assist with using these capabilities.

For more information on these access authorization event and audit log improvements, please see the following pages:

• Access Authorization Events
• Audit Logs

September 30, 2024

Aembit has released two new updates and improvements to Aembit components:

• Agent Controller functionality has been enhanced to enable real-time monitoring and status of Agent Controllers in the Aembit tenant.
• Aembit Edge Components and packages have been updated to the latest versions.

Agent Controller Real-Time Health Status and Health Update

You may now view the real-time health status of Agent Controllers in the Aembit tenant.

For more information on how to check the health status of Agent Controllers, please see the Tenant Health Check page.

Edge Components Update

Aembit Edge components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

• Helm Chart
• Terraform ECS Module
• VM Artifacts
• Agent Controller

For the latest available versions of these components, please see the Edge Components Supported Versions page.

September 20, 2024

Aembit Edge components are regularly updated to newer versions to address specific bug fixes and optimize performance of these components.

We recently identified a known issue that was resolved with a new Helm Chart version.

For the latest available versions of these components, please see the Edge Components Supported Versions page.

September 18, 2024

Aembit regularly provides feature and functionality updates to various components to extend capabilities and performance.

Aembit has released a feature improvement that enables you to work with Custom Resource Sets in GitHub Actions and GitLab Jobs CI/CD pipelines.

Custom Resource Set Support for GitHub Actions and GitLab Jobs

For users that would like to implement a CI/CD pipeline solution using Aembit with a custom Resource Set, separate from other workloads, Aembit has introduced Resource Set support for both GitHub Actions and GitLab Jobs.

Aembit supports Workload Identity and Access with GitHub Actions or GitLab Jobs, in your CI/CD workloads and encourages scoping these for appropriate access control. Adding support for Resource Sets in these solutions provides you with additional options and flexibility in best managing and protecting your CI/CD workloads.

For more information on how to configure Resource Sets in GitHub Actions and GitLab Jobs, please see the following pages:

• GitHub Actions
• GitLab Jobs

September 17, 2024

Aembit regularly releases updates to Aembit components and packages to improve overall performance of your environment.

The following updates have been released:

• Aembit Edge Component Updates
• Agent Controller PKI-Based TLS Support for Kubernetes and virtual machines

Aembit Edge Component Updates

Aembit Edge components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

• Helm Chart
• Terraform ECS Module
• VM Artifacts
• AWS Lambda Extension

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Agent Controller PKI-Based TLS Support for Kubernetes and virtual machine Deployments

Aembit has extended the Aembit PKI-based Agent Controller TLS functionality beyond just ECS deployment models to include Kubernetes and virtual machine deployments.

• For Kubernetes deployments, if the Customer’s PKI-based Agent Controller is already configured, it will remain unchanged. Otherwise, Aembit’s PKI-based Agent Controller TLS is enabled by default.

• For virtual machine deployments, you need to configure Aembit’s PKI-based Agent Controller TLS manually.

September 5, 2024

Aembit Edge components are updated on a regular basis to include new features, functionality, and package improvements.

Aembit has released new versions of the following components and packages:

• Helm Chart
• Terraform ECS Module
• VM Artifacts
• AWS Lambda
• Agent Proxy

Note

Agent Proxy has been updated to address a specific issue related to idle timeouts for HTTP persistent connections (currently 1 hour). If no new request comes over a connection, the request will be closed by Agent Proxy.

For the latest available versions of these components, please see the Edge Components Supported Versions page.

August 27, 2024

Aembit recently released the following two updates to improve the Aembit user experience:

• The Aembit Tenant UI has been updated with an expanded Admin Dashboard with additional metrics and data.
• Access Policies have been improved to enable users to add multiple Credential Providers to Access Policies.

Updated Admin Dashboard

Aembit has released an updated Admin Dashboard with additional metrics and data you can review when logging into your tenant. You will now see the following metrics displayed from the last 24 hours:

• Client Workloads (Managed)
• Server Workloads (Managed)
• Credentials (Usage By Type)
• Workloads Connections (Managed)

Multiple Service Accounts per Access Policy

Aembit now supports the ability for you to have multiple Credential Providers associated with an Access Policy for specific use cases.

Adding and mapping multiple Credential Providers to an Access Policy can be very useful when you have a single Access Policy, but want to have different Credential Providers associated with that Access Policy.

For example, if you want to have the same Client Workload access the same Server Workload, but use different credentials for different functions, this feature enables you to specify the appropriate Credential Providers for each function on an Access Policy.

For more detailed information on how you can add multiple Credential Providers to an Access Policy, please see the Multiple Credential Providers page.

August 9, 2024

Kubernetes recently introduced support for native sidecar containers. Aembit now leverages this model for the Agent Proxy, where possible.

Aembit now automatically injects the Agent Proxy as a native sidecar, allowing init container Client Workloads.

Note

This change only applies to Kubernetes deployments of version 1.29 and above.

For more information on how you can use Agent Proxy as a sidecar to support init containers, please see the Kubernetes Deployment page.

August 1, 2024

Aembit has released comprehensive API technical documentation for the Aembit API.

With this documentation release, you now have access to a complete library technical content, usage information, and the latest version of the OpenAPI specification, which you can use to learn how to use the Aembit API.

For more detailed information on the Aembit API technical documentation, please see the page.

July 29, 2024

Aembit has released two major enhancements to Aembit Edge Components: Aembit Edge Terraform Module for AWS ECS, and ECS TLS support.

Aembit ECS Terraform Registry

Aembit releases updates to the Aembit ECS Terraform Registry on a regular basis to provide users with additional features and functionality, including improvements to Agent Proxy and Agent Controller.

For more information on the latest ECS Terraform Registry release, please see the Aembit Terraform Registry page.

ECS TLS Support

Aembit has released an ECS deployment enhancement that enable Transport Layer Security (TLS) between the Agent Proxy and Agent Controller using Aembit-provided Private Key Infrastructure (PKI).

Note

There is no option to use your own PKI for ECS deployments.

July 18, 2024

Aembit has released an Aembit Terraform Provider update to the Terraform Registry.

This update includes several improvements and enhancements, including:

• Support for Custom Resource Sets.
• Removal of the deprecated AWS ECS Role Trust Provider (replaced previously by the AWS Role Trust Provider).
• Support for Credential Providers of type OAuth2 Authorization Code.

For more information on these updates and changes, please see the Aembit Terraform Registry page.

July 3, 2024

Aembit now supports dynamically steering only specific traffic to the Agent Proxy.

The dynamic steering feature introduces the ability to restrict this proxied traffic to a specific list of hostnames. When this feature is enabled, only egress traffic to the user-specified hostnames will be proxied. This enables you to have more precise control over which destinations’ traffic is managed by the Agent Proxy.

June 26, 2024

Aembit has released the following two new features that improve Credential Provider support, and additional options for identifying Client Workloads and Trust Provider Match Rules.

OAuth 2.0 Authorization Code Credential Provider Support

Aembit now supports 3-legged OAuth (3LO) workflows to enable applications to request permission from a user to access their account data and act on the user’s behalf via the OAuth 2.0 Authorization Code Credential Provider.

With 3LO support, an application may access services or other applications for which the user has been granted permission.

The following 3rd party services are now supported with OAuth 2.0 Authorization Code Credential Providers:

• Atlassian
• GitLab
• Slack
• GCP BigQuery
• Apigee
• PagerDuty

For more information on configuring OAuth 2.0 Authorization Credential Provider with these 3rd party services, please see the OAuth 2.0 Authorization Code Credential technical documentation page.

Client Workload and Trust Provider Match Rules Support

Aembit now supports more options for identifying Client Workloads and specifying Trust Provider Match Rules, including multiple “or” condition matches and support for wildcards.

June 10, 2024

Aembit has released beta support for the OAuth 2.0 Authorization Code Credential Provider.

Many organizations require Credential Provider support for various 3rd party SaaS services which only support short lived credentials with the OAuth 2.0 Authorization Code Flow. These services included:

• Atlassian
• GitLab
• Slack
• GCP BigQuery
• Apigee
• PagerDuty

This beta release enables users to use 3rd party SaaS services and have short-lived access tokens generated on demand for authentication to APIs that these 3rd party services provide.

For more information on how to configure the OAuth 2.0 Authorization Code Credential Provider to be used with any of these 3rd party services, please see the OAUth 2.0 Authorization Code Credential Provider page.

June 5, 2024

Aembit has released two new feature updates that enhance existing Aembit functionality.

Aembit Containers

All injected Aembit containers are now run as non-root users.

Agent Proxy File Descriptor Limits

Users may configure limits for the number of file descriptors Agent Proxy is allowed to open on a VM. You may configure this number when Agent Proxy is installed (using the AEMBIT_FD_LIMIT flag).

virtual machines

• Default Limit - 65535, set by Agent Proxy installer

• Configuration - This limit is configurable via the AEMBIT_FD_LIMIT environment variable. This value is passed directly to systemd in Agent Proxy’s service file at the time of installation.

• Example - AEMBIT_FD_LIMIT=200000 [...] ./install

Kubernetes

• Default Limit - This limit is inherited from container runtime.

• Configuration - There is no official support without modifying the underlying runtime. For more information on configuring these limits, please see the Kubernetes limits support GitHub thread.

AWS ECS

• Default Limit - 1024

• Configuration - This limit is configurable via the ECS Task Definition API or ECS Dashboard. Please refer to the AWS ECS Developer Guide for more detailed information on how to configure these limits.

AWS Lambda

• Default Limit - 1024

• Configuration - This limit is not configurable. For more information, please refer to the AWS Lambda Developer Guide.

June 4, 2024

Aembit has released an update to support AWS Role-Based Trust Providers.

The ability to create and use different types of Trust Providers in your Aembit environment enables you to have flexibility in how resources are managed. With this enhancement, you now have an additional option when selecting a Trust Provider.

For more information on AWS Role-Based Trust Providers, please see the AWS Role Trust Provider page.

May 30, 2024

Many organizations have certain security requirements that specify which resources should be managed by a group. To address these security needs, Aembit has released a new Resource Sets feature that enables you to determine which groups will have access to various resources.

You may find it necessary to segment management responsibilities for certain entities and resources in your Aembit environment between different individuals and groups for security reasons. To accommodate this requirement, Aembit has released the Resource Sets feature.

Resource Sets enable you to group entities and resources (e.g. Credential Providers, Trust Providers, Identity Providers, etc.) into a single collection and assign specific users to manage these resources.

For more detailed technical information on how to use create and manage Resource Sets, please refer to the Resource Sets technical documentation.

May 15, 2024

In some cases, you may find it necessary to manually shut down Agent Proxy when the main container exits, but a sidecar is still running. Since you may not want to kill the whole job, since it will look like a cancelled job, Aembit now provides a solution that enables you to gracefully terminate the job while allowing the sidecar to still run.

For more detailed information on this feature, please refer to the Agent Proxy Shutdown page.

April 30, 2024

There are many different deployment options you can currently use to deploy Aembit Edge components in your environment, including GitHub Actions, GitLab Jobs, and Kubernetes.

To increase the available deployment options for our users, Aembit now provides support for users who wish to deploy Aembit Edge components to an Amazon Web Services (AWS) Lambda Container.

For more detailed information on how to deploy Aembit Edge components to AWS Lambda Containers, please refer to the AWS Lambda Container technical documentation.

April 23, 2024

Aembit has released two new features on Aembit Cloud:

• Access Condition support for Geographic IP (GeoIP) restrictions
• Log Stream support for streaming to Google Cloud Storage Buckets

Aembit GeoIP Access Conditions

You may now configure and add Aembit GeoIP conditions in your Aembit Cloud Tenant. This new Access Condition type enables you to explicitly designate which countries/regions will have access to Server Workloads from policy-enabled Client Workloads.

For more information on this feature, please refer to the Access Conditions for GeoIP Restriction page.

Google Cloud Storage Bucket Log Streams

Aembit now supports Log Streams that target Google Cloud Storage (GCS) Buckets. You may add or configure this new Log Stream destination type in the Administration tab of your Aembit tenant.

For more information on this feature, please refer to the Google Cloud Storage Bucket Log Streams page.

April 8, 2024

Aembit Edge components now support virtual machine deployments to virtual machines running Red Hat 8.9.

April 4, 2024

Aembit now supports GitLab CI/CD Jobs as Client Workloads.

For more information on how to configure GitLabs Jobs with Aembit Client Workloads, please refer to the Script-based Agent page.

March 19, 2024

An issue was identified in the Agent Controller component due to the non-rotation of the public/private key pair used for Kerberos attestation. This issue has been resolved by implementing a process by which these private/public key pairs will be automatically rotated when the certificate reaches 80% of its lifespan.

March 12, 2024

Aembit has released a Kerberos Trust Provider that enables the attestation of Client Workloads running in virtual machine environments joined to Active Directory. This attestation method is specifically designed for on-premise deployments where alternative attestation methods, such as AWS or Azure metadata service trust providers, are not available.

For more detailed information on this Kerberos Trust Provider, please refer to the Kerberos Trust Provider technical documentation.

March 11, 2024

Aembit now supports secure communication between Agent Proxy and Agent Controller using Transport Layer Security (TLS) for both Kubernetes and virtual machine deployments.

For more information on how to configure TLS for Agent Controller, please refer to the Configuring TLS for Agent Controller documentation.

March 9, 2024

Aembit has officially released a Terraform Provider to the Hashicorp Terraform Registry.

The Aembit Terraform Provider enables users to manage Aembit Cloud resources using terraform manually or via CI/CD workflows.

For more detailed information about the Aembit Terraform Provider, please see the Aembit Terraform documentation.

February 27, 2024

Aembit now supports SAML/SSO authentication for administrators who wish to simplify the Aembit tenant login process for their users. Instead of requiring a user to enter their username/password credentials every time a user tries to access the Aembit tenant, users will now be able to use a 3rd party SAML SSO Provider (e.g. Google, Okta, Microsoft Entrata) to log into the tenant.

For more information on how to configure Identity Providers using SAML, please see the Configuring Identity Providers technical documentation.

January 31, 2024

Aembit now supports Wiz integration. Using the Wiz Integration API, you can work with both your Aembit Cloud tenant and Wiz to identify customer assets and vulnerabilities.

For more detailed information about the Aembit -> Wiz integration, please refer to the Wiz Integration page on the Aembit technical documentation site.

January 16, 2024

Support for Access Authorization Events

Aembit has now enabled support for Access Authorization Events. Access Authorization Events enable customers to observe credential requests.

Support for Google CloudRun Jobs as Client Workloads

Aembit supports Google CloudRun Jobs as Client Workloads. With this support, you can now:

• authenticate to the Aembit IdP using Attestation with the GCP Cloud Run Job Identity

• request and retrieve a secret from GCP Secret Manager

January 15, 2024

Aembit now supports integration with CrowdStrike. This integration allows you to leverage CrowdStrike’s service to prevent Server Workload access from Client Workloads that do not meet an expected state.

For more information about this integration, please refer to the CrowdStrike Integration page on the Aembit technical documentation site.

January 4, 2024

The Aembit Agent Controller can now be installed in high availability configurations. Because the Agent Controller is a critical Aembit Edge Component that manages Agent Proxy registration and credential acquisition for Aembit Cloud access, HA support was necessary to ensure the continuous availability of the Agent Controller.

For information on installing and configuring Agent Controller in high availability environments, please see the Agent Controller High Availability page.

December 7, 2023

In an effort to ensure only Client Workloads that run in a secure environment can access Server Workloads, Aembit has enabled integrations with CrowdStrike and its CrowdStrike Falcon Sensor. CrowdStrike Falcon Sensor checks multiple items on the virtual machine (VM) to verify the VM is secure.

November 14, 2023

Several new feature updates and additions have been made to improve Aembit user experience. These updates include:

• Admin console multi-factor authentication support
• Edge components VM deployment support

Multi-factor authentication support

Aembit now supports Multi-Factor Authentication (MFA) so users can provide different authentication methods. Users can:

• scan a QR code to configure their compatible authentication application
• retrieve MFA Recovery Codes in case the device or application is unavailable
• view the users who have configured MFA within the Aembit Users view.

Linux-based VM deployment support

Users may now deploy Aembit Edge components to VMs (non-Kubernetes). This feature enables users to have options on how they want to deploy these components.

For more detailed information about this feature, please see the virtual machine Installation page.

October 16, 2023

Aembit has released a new feature for Credential Providers called “Dynamic Claims.” This feature allows you to set the Subject claim and Custom claims with either literal strings or dynamic values when setting up Credential Providers in your Aembit client tenant.

For more detailed information about Dynamic Claims, please refer to Dynamic Claims page

Note

This feature is currently only supported for Vault integration.