
Claude API WIF Credential Provider now available

Aembit now offers a Claude Workload Identity Federation (WIF) Credential Provider. Your workloads can call the Claude API with short-lived tokens that Aembit obtains on their behalf instead of long-lived API keys.

Aembit acts as a trusted OIDC issuer. You register Aembit as a federation issuer in Claude Console. Then, whenever an Access Policy grants a workload access, Aembit exchanges its issued assertion for a short-lived Claude access token.

What’s new:

  • Claude WIF Credential Provider type: Configure the federation rule, organization, service account, and optional workspace from your Claude Console, plus the requested scope and token lifetime.
  • Built-in connection verification: Use Verify to confirm the trust between Aembit and your Claude federation rule before you put the Credential Provider into an Access Policy.
  • Terraform support: Manage the Claude WIF Credential Provider through the Aembit Terraform Provider.

For setup instructions, see Configure a Claude WIF Credential Provider.

Edge components release with Aembit CLI and Secrets Operator updates

Aembit has released new versions of the following components and packages:

  • Aembit Secrets Operator
  • Aembit Secrets Operator Helm chart

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • AWS and Kubernetes Trust Provider attestation in Aembit CLI: The aembit credentials get command now supports the AWS Metadata Service, AWS Role, and Kubernetes Service Account Trust Providers. Aembit CLI gathers attestation data from the local environment—instance metadata, an STS GetCallerIdentity request, or the projected service account token—so an externally supplied --id-token isn’t needed for these Trust Providers. The --deployment-model option now accepts vm, kubernetes, ecs_fargate, and lambda_container. The AWS Role Trust Provider requires this option.
  • Aembit Secrets Operator credential type support: Secrets Operator 1.32.322 now retrieves any credential type your Access Policy issues, not just HashiCorp Vault tokens. See Aembit Secrets Operator now supports more credential types.

Aembit Secrets Operator now supports more credential types

Aembit Secrets Operator 1.32.322 is now available.

Secrets Operator now retrieves any credential type your Access Policy issues—not just HashiCorp Vault tokens. A new credentialType field on the AembitSecretRefreshSchedule resource selects which Credential Provider type Aembit uses, and the managed Kubernetes Secret mirrors the Aembit Edge API credentials response for that provider.

  • New credentialType field: Choose OAuthToken (the default), ApiKey, UsernamePassword, AwsStsFederation, or GoogleWorkloadIdentityFederation. Each type writes its own Secret data keys—for example, UsernamePassword produces username and password, and AwsStsFederation produces awsAccessKeyId, awsSecretAccessKey, and awsSessionToken. See Credential types and Secret data keys.
  • Backward compatible: Schedules that omit credentialType keep writing a single token key, so existing HashiCorp Vault and cert-manager configurations need no change.
  • Clearer mismatch errors: When credentialType doesn’t match the configured Credential Provider, the schedule reports Aembit Edge API returned a credentials response with no populated fields instead of writing a blank Secret.
  • AWS credential redaction: Secrets Operator redacts the AWS access key, secret access key, and session token values from its debug logs.
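As an added illustration, not Secrets Operator's own code, the Go functions below check a managed Secret's decoded data against the keys listed above for each credentialType, report the no-populated-fields mismatch case, and redact AWS values from a log line. The KEY=VALUE log format and the regular expression are assumptions; the keys for ApiKey and GoogleWorkloadIdentityFederation are not named above and are left out.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// expectedKeys holds the Secret data keys the release notes list for each credentialType.
// ApiKey and GoogleWorkloadIdentityFederation keys are not named on the page, so they are omitted rather than guessed.
var expectedKeys = map[string][]string{
	"OAuthToken":       {"token"},
	"UsernamePassword": {"username", "password"},
	"AwsStsFederation": {"awsAccessKeyId", "awsSecretAccessKey", "awsSessionToken"},
}

// CheckSecret validates the Secret's decoded data (the shape client-go exposes as Secret.Data)
// against the keys the schedule's credentialType should have written. An empty credentialType
// means the schedule omitted the field, so the default OAuthToken layout (a single token key) applies.
func CheckSecret(credentialType string, data map[string][]byte) error {
	if credentialType == "" {
		credentialType = "OAuthToken"
	}
	keys, ok := expectedKeys[credentialType]
	if !ok {
		return fmt.Errorf("unsupported credentialType %q", credentialType)
	}
	var missing []string
	for _, k := range keys {
		if len(data[k]) == 0 {
			missing = append(missing, k)
		}
	}
	switch {
	case len(missing) == len(keys):
		// Nothing populated at all: the symptom of a credentialType / Credential Provider mismatch.
		return errors.New("credentials response with no populated fields: check that credentialType matches the Credential Provider")
	case len(missing) > 0:
		return fmt.Errorf("secret is missing keys %v for credentialType %s", missing, credentialType)
	}
	return nil
}

// awsValue matches AWS credential values in a KEY=VALUE log line.
// Constructed for this example; it is not the pattern Secrets Operator itself uses.
var awsValue = regexp.MustCompile(`(awsAccessKeyId|awsSecretAccessKey|awsSessionToken)=\S+`)

// RedactAWS blanks the access key, secret access key, and session token values before a line is logged.
func RedactAWS(line string) string {
	return awsValue.ReplaceAllString(line, "${1}=[REDACTED]")
}

func main() {
	// Constructed sample data; in practice this comes from the managed Kubernetes Secret.
	data := map[string][]byte{"username": []byte("svc-reporting"), "password": []byte("constructed-example")}
	fmt.Println(CheckSecret("UsernamePassword", data))
	fmt.Println(RedactAWS("debug: awsAccessKeyId=AKIAEXAMPLE awsSecretAccessKey=example-secret-value"))
}
```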

Edge components release with reliability and CLI enhancements

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • VM Agent Controller package
  • Agent CLI
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Proxy

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • X.509-SVID retrieval through Aembit CLI: The aembit credentials get command now accepts --client-tls-private-key to retrieve a SPIFFE-compliant X.509-SVID certificate from the existing X.509-SVID Credential Provider. You supply a PEM-encoded private key; Aembit CLI generates the certificate signing request locally and returns the signed chain in CLIENT_CERT_CHAIN, and the private key never leaves the local machine.
  • Configurable gRPC keep-alives: Two optional environment variables, AEMBIT_TENANT_GRPC_PING_INTERVAL_SECS and AEMBIT_TENANT_GRPC_PING_TIMEOUT_SECS, let Agent Proxy send keep-alives on its connection to your Tenant so it detects a dead connection and reconnects faster. They’re off by default and useful for networks, such as a Secure Web Gateway, that stall idle connections.
  • CA certificate configuration for the Cloud connection: AGENT_TRUST_PATH again lets you supply a custom CA certificate for the Agent Proxy’s connection to the Aembit Cloud, which is useful when an inspecting proxy terminates TLS on outbound traffic.
  • Configurable HTTP idle timeout on Windows: The Windows installer now exposes AEMBIT_HTTP_IDLE_TIMEOUT_SECS, letting you tune the idle timeout for HTTP/1.1 connections handled by the Agent Proxy.
  • Caching enhancements: Improvements to credential caching across the Agent Proxy and Aembit CLI.
  • Improved upstream proxy diagnostics: When the Agent Proxy can’t reach a configured upstream HTTP proxy, logs now include the full error source chain instead of a generic connection error, making a misconfigured upstream proxy easier to diagnose.
  • General improvements: Stability, robustness, and dependency updates across edge components, including improved hardware-identification handling during process identification on Linux virtual machines.

MCP Identity Gateway 1.32.5006 release

Aembit has released MCP Identity Gateway version 1.32.5006.

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • MCP ping support: The Gateway now supports the MCP ping method, responding to client connection-health checks per the MCP specification.
  • Authorization chain in workload events: MCP Identity Gateway workload events now include an ordered authorization chain, the ordered list of authorization-event context IDs behind each request. The chain spans both sides of the proxied connection: it is carried from the access token on the agent-to-Gateway side and forwarded through the directive and credential calls on the Gateway-to-MCP-server side, so you can confirm both belong to the same logical request. Take any context ID from the chain and filter your authorization events on it to trace a request end-to-end, from the traffic you observe back to the token, directive, and credential decisions that allowed it.
  • Microsoft Copilot Studio compatibility: Fixed an issue where some tools could fail to load for Microsoft Copilot Studio clients.
  • Health endpoint status: The Gateway’s health endpoint now returns an HTTP 503 status when the Gateway is unhealthy, so orchestrators and load balancers can detect an unhealthy Gateway accurately.
  • More reliable session timing: Session lifetimes now track wall-clock time, so sessions expire and renew correctly across events such as a host suspend and resume.

Aembit CLI now retrieves X.509-SVID certificates

Aembit CLI now retrieves SPIFFE-compliant X.509-SVID certificates directly from the X.509-SVID Credential Provider.

Aembit has released new versions of the following components and packages:

  • Aembit CLI

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • X.509-SVID retrieval through Aembit CLI: The aembit credentials get command now accepts --client-tls-private-key to retrieve a SPIFFE-compliant X.509-SVID certificate from the existing X.509-SVID Credential Provider. You supply a PEM-encoded private key; Aembit CLI generates the CSR locally, submits it through the credential retrieval flow, and returns the signed certificate chain in CLIENT_CERT_CHAIN. The private key never leaves the local machine.

End-to-end mTLS between Client and Server Workloads with SPIFFE X.509-SVID certificates

Introducing end-to-end mutual TLS (mTLS) between Client Workloads and Server Workloads using SPIFFE-compliant X.509-SVID certificates.

Aembit has released new versions of the following components and packages:

  • Agent Proxy
  • Cloud (Tenant UI + API)
  • EdgeAPI
  • Terraform Provider
  • Helm Chart
  • Terraform ECS module
  • AWS Lambda Extension
  • AWS Lambda Layer

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Agent Proxy outbound mTLS with X.509-SVID: Agent Proxy can now establish outbound mTLS connections to Server Workloads using SPIFFE-compliant X.509-SVID certificates, with no application code changes required.
  • mTLS Authentication method for Server Workloads: A new authentication method, mTLS Authentication with the x509 Certificate scheme, lets Server Workloads validate the client certificate that Agent Proxy presents during the mTLS handshake.
  • X.509-SVID Credential Provider: A new Credential Provider type that issues SPIFFE-compliant X.509 certificates. This release’s Agent Proxy update is what consumes them for outbound mTLS to Server Workloads.

Agent Proxy can now establish outbound mTLS connections to Server Workloads using SPIFFE-compliant X.509-SVID certificates, enabling certificate-based workload-to-workload authentication without application code changes.

What’s new:

  • In-memory private key: Agent Proxy generates an ECDSA key pair in memory for each X.509-SVID certificate. The private key is never written to disk and is never transmitted to Aembit Cloud.
  • Automatic rotation at 80% of certificate lifetime: Agent Proxy refreshes the certificate well before expiration, generating a new key pair on each refresh. In-progress mTLS connections continue using the prior certificate until they close.
  • mTLS Authentication for Server Workloads: A new Server Workload authentication method (mTLS Authentication with the x509 Certificate scheme) lets the Server Workload side validate the X.509-SVID certificate that Agent Proxy presents during the handshake.

For the end-to-end workflow and procedure, see Enable mTLS on a Server Workload. For the authentication-method catalog, see Authentication methods and schemes.


Aembit is introducing a new X.509-SVID Credential Provider type that issues SPIFFE-compliant X.509 certificates to Client Workloads, signed by an Aembit Standalone CA.

What’s new:

  • SPIFFE-compliant identity in the URI Subject Alternative Name (SAN): Every issued certificate embeds the workload’s SPIFFE ID as a URI SAN, so SPIFFE-aware Server Workloads can authenticate the Client Workload during the TLS handshake.
  • Literal or dynamic Subject and SPIFFE ID: Configure either field with a fixed value or with template expressions that resolve at issuance time using workload attestation attributes.
  • Configurable Extended Key Usage: Default to id-kp-clientAuth for outbound mTLS, or add id-kp-serverAuth to use the same certificate as a server credential.
  • Configurable certificate lifetime: Set the lifetime in minutes (default 15). Agent Proxy automatically refreshes the certificate before expiration (typically at 80% of the configured lifetime).

For setup instructions, see Create an X.509-SVID Credential Provider. For concepts and the end-to-end issuance flow, see About the X.509-SVID Credential Provider.
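The Go program below is an added example, not Aembit's code, that walks the X.509-SVID flow described in the Aembit CLI, Agent Proxy, and Credential Provider notes above: the in-memory ECDSA key and locally generated CSR carrying the SPIFFE ID as a URI SAN, issuance of a clientAuth certificate for the configured lifetime by a self-signed stand-in for the Standalone CA, the Server Workload's validation of the chain and SPIFFE ID during mTLS Authentication, and the 80%-of-lifetime refresh point. The SPIFFE ID, CA name, and lifetime used are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// NewSVIDRequest is the CLI / Agent Proxy side: an in-memory ECDSA key and a CSR carrying the SPIFFE ID as its URI SAN.
func NewSVIDRequest(spiffeID *url.URL) (*ecdsa.PrivateKey, []byte, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the private key is never written to disk or sent
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{URIs: []*url.URL{spiffeID}}, key)
	return key, der, err
}

// NewTestCA is a self-signed stand-in for the Aembit Standalone CA, constructed for this example.
func NewTestCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test-ca"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// IssueSVID is the CA side: check the CSR's proof of possession, then sign a clientAuth certificate for the configured lifetime.
func IssueSVID(csrDER []byte, ca *x509.Certificate, caKey *ecdsa.PrivateKey, lifetime time.Duration) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // the requester must hold the private key matching the CSR
	}
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), URIs: csr.URIs, NotBefore: now, NotAfter: now.Add(lifetime),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifySVID is the Server Workload side of mTLS Authentication: chain to the trusted CA, require clientAuth, match the SPIFFE ID.
func VerifySVID(leaf, ca *x509.Certificate, expectedID string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	if len(leaf.URIs) != 1 || leaf.URIs[0].String() != expectedID {
		return fmt.Errorf("SPIFFE ID mismatch: got %v, want %s", leaf.URIs, expectedID)
	}
	return nil
}

// RefreshAt is the 80%-of-lifetime point at which Agent Proxy rotates the certificate with a fresh key pair.
func RefreshAt(c *x509.Certificate) time.Time { return c.NotBefore.Add(c.NotAfter.Sub(c.NotBefore) * 8 / 10) }
```

Calling NewSVIDRequest, IssueSVID and VerifySVID in that order reproduces the issuance-to-handshake path; a second, unrelated NewTestCA is what an untrusted issuer looks like to VerifySVID.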

Expanded MCP and AI IAM event coverage

Aembit has expanded the event coverage and reporting surfaces for troubleshooting MCP and AI IAM failures:

  • New access.discovery event type: Access Authorization Events now include an access.discovery event that lists the Client Workloads and Server Workloads Aembit Cloud considered during evaluation. Use it to diagnose requests that match no workload or policy, or that match multiple. See Access Discovery events.
  • User identity on MCP Workload Events: MCP Workload Events now include a userId field at application.mcp.userId for flows that involve a human identity, such as MCP Authorization Server flows. The Workload Events view exposes a matching User (MCP App Protocol only) filter for per-user investigations and SIEM scoping.
  • Trust Provider failures emit at Error severity: Trust Provider attestation failures in MCP flows now emit at Error severity rather than Warning, so SIEM alerts that watch for Error events catch real authorization failures reliably.
  • Clearer expired-credential explanations: The access.credential event’s reason now identifies which token expired and at which step, making it easier to decide between re-authentication, credential refresh, or Credential Provider reconfiguration.
  • MCP Authorization Tracing view: A new live diagnostic view in the Reporting dashboard surfaces inbound authorization requests at the MCP Identity Gateway in real time, with the redirect URI, resource, matched Client Workload, and policy outcome for each request. See MCP Authorization Tracing.

For an end-to-end investigation flow that uses these reporting surfaces together, see Troubleshoot MCP and AI IAM access.

MCP Identity Gateway 1.31.4955 release

Aembit has released MCP Identity Gateway version 1.31.4955.

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Session deletion: Support for deleting MCP sessions, enabling clients to explicitly end MCP Identity Gateway sessions when finished.
  • MCP-level error metrics: New Prometheus metrics expose MCP protocol-level errors, giving operators visibility into request failures at the MCP layer.
  • Application-specific Prometheus metrics: Additional Prometheus metrics scoped to the MCP Identity Gateway application for improved observability.

Aembit Secrets Operator now available

Aembit Secrets Operator 1.31.298 is now available.

Secrets Operator is a Kubernetes operator that authenticates to the Aembit platform and synchronizes credentials into Kubernetes Secrets. Applications consume managed secrets the same way they consume any other Kubernetes Secret.

Key capabilities in this release:

  • Kubernetes Service Account authentication: Authenticate using the operator’s in-cluster ServiceAccount token, validated against the cluster’s OIDC endpoint. No per-cluster signing key required. Verified on Amazon EKS and K3s. See Set up Secrets Operator for configuration.
  • OIDC symmetric key authentication: Alternatively, authenticate using OIDC tokens with symmetric key signing (HS256) for custom claims and non-Kubernetes identity scenarios.
  • Proactive credential renewal: Credentials refresh at 80% of their TTL, or sooner when you configure a shorter refreshInterval, ensuring applications always have a valid credential.
  • Multi-namespace install: You can now use the same Helm release name across multiple namespaces on the same cluster without resource name conflicts.

MCP Identity Gateway 1.31 release

Aembit has released MCP Identity Gateway version 1.31.

Key Updates:

  • User identity on workload events: The userId field now appears on mcp.request and mcp.response workload events when the MCP client is identified, making it easier to attribute MCP activity to authenticated users in audit reports.
  • Client-initiated session termination: MCP clients can now end their session with the Gateway by sending an HTTP DELETE request to the /mcp endpoint, per MCP specification section 2.5.5. See Session management for the request contract.

Dynamic claims now support custom environment variables

Custom environment variables on Agent Proxy and Aembit CLI can now feed into OIDC and JWT-SVID dynamic claims, gated by an explicit allowlist.

What’s new:

  • AEMBIT_ENV_VAR_ALLOWLIST: A new environment variable that defines which custom variables Agent Proxy and Aembit CLI may capture for use in dynamic claims. By default, Agent Proxy and Aembit CLI capture no custom variables.
  • Always-available Kubernetes variables: K8S_POD_NAME, K8S_NAMESPACE, and KUBERNETES_PROVIDER_ID are now usable in dynamic claims regardless of the allowlist.

For setup instructions, see Configure custom environment variables for Agent Proxy. For the dynamic claims expression syntax, see OIDC and JWT-SVID dynamic claims.
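As an added example, not Agent Proxy's or Aembit CLI's code, the Go function below applies the gating described above to a process environment: no custom variable is captured unless AEMBIT_ENV_VAR_ALLOWLIST names it, while K8S_POD_NAME, K8S_NAMESPACE, and KUBERNETES_PROVIDER_ID are always available. That the allowlist is a comma-separated list of names is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// alwaysAvailable lists the Kubernetes variables usable in dynamic claims regardless of the allowlist.
var alwaysAvailable = []string{"K8S_POD_NAME", "K8S_NAMESPACE", "KUBERNETES_PROVIDER_ID"}

// CaptureClaimVars returns the environment variables a dynamic-claims evaluator may read.
// env is the process environment as KEY=VALUE pairs, the shape os.Environ returns.
// Assumption for this example: AEMBIT_ENV_VAR_ALLOWLIST holds comma-separated variable names.
func CaptureClaimVars(env []string) map[string]string {
	vars := map[string]string{}
	for _, kv := range env {
		if k, v, ok := strings.Cut(kv, "="); ok {
			vars[k] = v
		}
	}
	allowed := map[string]bool{}
	for _, name := range alwaysAvailable {
		allowed[name] = true
	}
	// Default deny: with no allowlist set, no custom variable is captured.
	for _, name := range strings.Split(vars["AEMBIT_ENV_VAR_ALLOWLIST"], ",") {
		if name = strings.TrimSpace(name); name != "" {
			allowed[name] = true
		}
	}
	out := map[string]string{}
	for name := range allowed {
		if v, ok := vars[name]; ok {
			out[name] = v
		}
	}
	return out
}

// CapturedNames lists the captured variable names in a stable order, for logging or auditing.
func CapturedNames(captured map[string]string) []string {
	names := make([]string, 0, len(captured))
	for n := range captured {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed environment for the demo; a real evaluator would pass os.Environ().
	env := []string{"K8S_POD_NAME=api-7d9f", "BUILD_ID=1234", "DB_PASSWORD=not-captured", "AEMBIT_ENV_VAR_ALLOWLIST=BUILD_ID"}
	fmt.Println(CapturedNames(CaptureClaimVars(env)))
}
```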

Edge components release with Oracle GA and HTTP proxy support

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • Agent CLI
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Injector
  • Agent Proxy

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Oracle Application Protocol GA: Oracle Database protocol support is now available for production use, including mid-connection TLS support, improved client error handling, Prometheus metrics for Oracle credential injection events, and internal packet-handling improvements.
  • Upstream HTTP proxy support: Agent Proxy and Aembit CLI now support upstream HTTP proxy configuration for gRPC and Server-Workload-bound HTTP/HTTPS traffic, with NO_PROXY honored.
  • S3 upload size restriction removed: Large file uploads to AWS S3 Log Streams are now supported via streaming AWS chunked signing, removing the previous upload size limit. See How Aembit uses AWS SigV4 and SigV4a for more details.
  • Expanded credential resolver capabilities: Enhanced support for credential provider resolution across deployment types.
  • Dynamic claims from environment variables: Agent Proxy and Aembit CLI can now gather dynamic claims from environment variables, controlled by the AEMBIT_ENV_VAR_ALLOWLIST.
  • CLI enhancements: Aembit CLI adds the --client-workload-id flag and OIDC token expiration validation.
  • General improvements: Numerous stability and reliability improvements across edge components.
  • Security upgrades: Security dependency upgrades across edge components.
  • Improved logging and observability: Improved request logging and enhanced error reporting for common failure conditions.

Oracle Database now generally available

Oracle Database protocol support is now available for production use.

What’s new:

  • Oracle Database GA: Support for Oracle 19c and 21c is now available for production use. Aembit injects username/password credentials into Oracle TNS connections at authentication time, eliminating static database passwords without modifying your application code.
  • TLS connections: Oracle database connections can now use TLS via the TCP/IP with TLS (TCPS) protocol. You can enable TLS independently on the client-to-proxy and proxy-to-database sides by checking the TLS checkbox on the Port and Forward to Port fields in the Server Workload configuration.
  • Improved Oracle error handling: Agent Proxy now returns clearer ORA-* error messages when Oracle authentication fails, making it easier to diagnose credential injection and configuration issues.
  • Prometheus observability: Oracle credential injection events now appear in the aembit_agent_proxy_credential_injections_total metric with application_protocol="oracleDatabase", so you can monitor Oracle credential operations alongside other supported protocols.

For setup instructions, see Create an Oracle Database Server Workload. For a technical overview, see About Oracle Databases.

OAuth 2.0 Authorization Code now uses centralized callback URL

The OAuth 2.0 Authorization Code Credential Provider now uses a centralized callback URL and supports an optional Final Redirect URL for custom or embedded integration scenarios.

What’s new:

  • Centralized Callback URL: OAuth 2.0 Authorization Code Credential Providers now use a single, centralized callback URL shared across Credential Providers on your Aembit stack. If you previously registered a per-tenant callback URL with a third-party provider, you don’t need to take any action.
  • Final Redirect URL: A new optional field that redirects users to a specified URL after completing the OAuth authorization flow, instead of returning to the Aembit Credential Provider page. Contact Aembit support to enable this feature.

For details, see OAuth 2.0 Authorization Code Credential Provider.

Agent Proxy now honors HTTP proxy environment variables

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Proxy

Agent Proxy now honors HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables. If your network routes outbound traffic through an HTTP proxy, you can configure these environment variables so that Agent Proxy routes its outbound connections through the proxy.

For details, see Agent Proxy environment variables.

For the latest available versions of these components, see the Edge Components Supported Versions page.