
Refresh token support for MCP authorization flows

OIDC ID Token and Aembit Access Token Credential Providers now support refresh tokens for MCP Authorization Server flows. This feature applies exclusively to MCP Authorization Server use cases.

What’s new:

  • An Enable Refresh Token Support option on OIDC ID Token and Aembit Access Token Credential Providers.
  • An Absolute Token Lifetime setting that caps how long a refresh-token chain can keep being exchanged for new access tokens. The lifetime is measured from the initial issuance, not from the most recent refresh, so rotating the token does not extend it.
  • Refresh tokens are single-use. Each exchange returns a new refresh token.

When enabled, the MCP Authorization Server returns refresh tokens alongside access tokens during OAuth token requests. MCP clients can exchange a refresh token for a new access token and a new refresh token, maintaining an active session without completing a new authorization flow. Other credential flows, such as Agent Proxy, are not affected by this setting.

To use this feature, edit your Credential Provider, toggle Enable Refresh Token Support to on, and set the Absolute Token Lifetime.

For details, see Token refresh, OIDC ID Token, and Aembit Access Token.
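
The three rules above (single-use refresh tokens, a new refresh token on every exchange, and an absolute lifetime measured from the first issuance) fit in a short model. The following is an added example and not Aembit's code: the `TokenService` class, the 300-second access-token TTL, and the branch that revokes the whole chain when a spent refresh token is presented again are assumptions of this model (that reuse-detection behaviour is common OAuth practice; the release notes only state that tokens are single-use).

```python
"""Refresh-token rotation: single-use tokens, a new refresh token per exchange,
and an absolute lifetime measured from the first issuance.

Added illustrative model; not Aembit's implementation.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    subject: str
    issued_at: float           # time of the original authorization; starts the absolute clock
    absolute_lifetime: float   # seconds; refreshing never pushes this out
    current_refresh: str = ""  # the single refresh token that is currently valid


class TokenService:
    ACCESS_TTL = 300  # seconds (assumed value for the demo)

    def __init__(self, clock=time.time):
        self.clock = clock
        self.live = {}   # valid refresh token -> Session
        self.spent = {}  # already-used refresh token -> Session (for replay detection)

    def _issue(self, session):
        refresh = secrets.token_urlsafe(32)
        session.current_refresh = refresh
        self.live[refresh] = session
        return {
            "access_token": secrets.token_urlsafe(32),
            "token_type": "Bearer",
            "expires_in": self.ACCESS_TTL,
            "refresh_token": refresh,
        }

    def authorize(self, subject, absolute_lifetime=3600):
        """Called once the authorization-code exchange has succeeded."""
        return self._issue(Session(subject, self.clock(), absolute_lifetime))

    def refresh(self, refresh_token):
        session = self.live.pop(refresh_token, None)
        if session is None:
            spent = self.spent.pop(refresh_token, None)
            if spent is not None:
                # A spent token was replayed: someone else may hold the current one,
                # so the whole chain is revoked (assumed behaviour, common OAuth practice).
                self.live.pop(spent.current_refresh, None)
                return {"error": "invalid_grant",
                        "error_description": "refresh token reuse detected; session revoked"}
            return {"error": "invalid_grant"}
        if self.clock() - session.issued_at > session.absolute_lifetime:
            # Absolute lifetime exhausted. The token was already removed from `live`,
            # so the client has to complete a full authorization flow again.
            return {"error": "invalid_grant",
                    "error_description": "absolute token lifetime exceeded"}
        # Single use: remember the token as spent and hand out a fresh pair.
        self.spent[refresh_token] = session
        return self._issue(session)
```

`spent` grows with every exchange in this model; a real service would prune entries once their session's absolute lifetime has passed.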

MCP Identity Gateway 1.30 release

Aembit has released MCP Identity Gateway version 1.30.4549.

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • The Gateway now authenticates requests before proxying them to upstream MCP servers (new default behavior)
  • Tool annotations are included in MCP responses
  • The Gateway returns HTTP 405 for GET requests to the MCP endpoint
  • Unauthorized (401) responses now include additional metadata for easier troubleshooting
  • Errors from upstream MCP servers are forwarded to MCP clients
  • The Gateway honors the AEMBIT_TRUSTED_ISSUER_DOMAINS environment variable for trusted issuer configuration
  • A new metrics endpoint provides Gateway operational metrics on a configurable port
  • Improved compatibility with Claude Desktop and other MCP clients
  • Improved handling of MCP servers that don’t support resources
  • General improvements to session management, installer reliability, and internal performance

MCP Authorization Server now supports unauthenticated flows

Aembit’s MCP Authorization Server now supports OAuth flows that don’t require end-user authentication. This enables use cases like ChatGPT apps and other MCP integrations where user sign-in isn’t needed or desired.

What’s new:

  • An Enforce SSO option on Client Workloads with the Redirect URI identifier type. Enforce SSO is on by default, preserving the current behavior of requiring user authentication.
  • When Enforce SSO is on, a multi-select dropdown lets you choose which SSO identity providers appear on the MCP authentication page. By default, all configured identity providers are selected.
  • When Enforce SSO is off, the MCP Authorization Server issues access tokens without redirecting users to an identity provider. No Trust Provider is needed, but a Credential Provider is still required.
  • Access Policies still apply as the authorization control. With Enforce SSO off they are the control that decides whether a token is issued at all, so disabling a policy, or any entity it references, blocks token issuance.

To use this feature, edit your Client Workload, select the Redirect URI client identifier, and configure Enforce SSO under MCP Authorization Configuration.

For details, see Authentication support and MCP Authorization Server architecture.

MCP Identity Gateway now supports MCP resources

Aembit has released MCP Identity Gateway version 1.29.4419.

Key Updates:

  • MCP resource support for the Identity Gateway

The MCP Identity Gateway now proxies MCP resource requests in addition to tool requests. MCP servers that expose resources (such as files, database schemas, or application data) are now accessible through the Gateway with the same identity-aware access policies, credential isolation, and audit logging that govern tool invocations.

What’s new:

  • resources/list discovers available resources across all assigned MCP servers. The Gateway fans out the request and aggregates results from all connected servers.
  • resources/read retrieves a specific resource by URI from the appropriate MCP server.

No action required. Resource support is available automatically after upgrading to MCP Identity Gateway 1.29.4419. Your existing access policies, Trust Providers, and Credential Providers apply to resource requests with no configuration changes.

For details, see MCP resource support.
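
The fan-out and routing described above can be sketched as follows. This is an added example and not the MCP Identity Gateway's code: the upstream servers are constructed in-process stand-ins that speak JSON-RPC 2.0 request and response dicts, the `ResourceGateway` class is an illustration, and the decision to reject two servers advertising the same URI is a design choice of this model rather than documented Gateway behaviour. It also shows the case from the 1.30 notes where a server does not support resources at all.

```python
"""Gateway-side fan-out for MCP resources/list and URI routing for resources/read.

Added illustrative model; not the MCP Identity Gateway's code.
"""
METHOD_NOT_FOUND = -32601    # JSON-RPC 2.0 reserved code
RESOURCE_NOT_FOUND = -32002  # code MCP uses for an unknown resource URI


class FakeMcpServer:
    """Constructed upstream stand-in. `resources` maps URI -> (mimeType, text)."""

    def __init__(self, name, resources=None, supports_resources=True):
        self.name = name
        self.resources = resources or {}
        self.supports_resources = supports_resources

    def handle(self, req):
        rid, method = req.get("id"), req["method"]
        if method.startswith("resources/") and not self.supports_resources:
            return self._error(rid, METHOD_NOT_FOUND, "Method not found")
        if method == "resources/list":
            items = [{"uri": uri, "name": uri.rsplit("/", 1)[-1], "mimeType": mt}
                     for uri, (mt, _) in self.resources.items()]
            return {"jsonrpc": "2.0", "id": rid, "result": {"resources": items}}
        if method == "resources/read":
            uri = req["params"]["uri"]
            if uri not in self.resources:
                return self._error(rid, RESOURCE_NOT_FOUND, f"Resource not found: {uri}")
            mt, text = self.resources[uri]
            return {"jsonrpc": "2.0", "id": rid,
                    "result": {"contents": [{"uri": uri, "mimeType": mt, "text": text}]}}
        return self._error(rid, METHOD_NOT_FOUND, "Method not found")

    @staticmethod
    def _error(rid, code, message):
        return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


class ResourceGateway:
    """Holds only the servers the calling workload's Access Policy assigned to it."""

    def __init__(self, assigned_servers):
        self.servers = list(assigned_servers)
        self.route = {}   # resource URI -> server that advertised it
        self._next_id = 0

    def _call(self, server, method, params):
        self._next_id += 1
        return server.handle({"jsonrpc": "2.0", "id": self._next_id,
                              "method": method, "params": params})

    def list_resources(self):
        """Fan out resources/list and aggregate. A server without the resources
        capability answers -32601 and is skipped instead of failing the whole call."""
        aggregated = []
        for server in self.servers:
            resp = self._call(server, "resources/list", {})
            if "error" in resp:
                if resp["error"]["code"] == METHOD_NOT_FOUND:
                    continue
                raise RuntimeError(f"{server.name}: {resp['error']['message']}")
            for res in resp["result"]["resources"]:
                owner = self.route.get(res["uri"])
                if owner is not None and owner is not server:
                    # Refuse to let one server shadow another's URI (design choice of this model).
                    raise RuntimeError(f"URI {res['uri']} advertised by both "
                                       f"{owner.name} and {server.name}")
                self.route[res["uri"]] = server
                aggregated.append(res)
        return {"resources": aggregated}

    def read_resource(self, uri):
        """Route resources/read to the server that advertised the URI. A read is never
        broadcast, so a URI can only reach the server that owns it."""
        server = self.route.get(uri)
        if server is None:
            return {"error": {"code": RESOURCE_NOT_FOUND,
                              "message": f"no assigned server advertises {uri}"}}
        resp = self._call(server, "resources/read", {"uri": uri})
        # Upstream errors are passed through to the client unchanged.
        return resp["result"] if "result" in resp else {"error": resp["error"]}
```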

Edge components release with S3 stability and OpenShift improvements

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • VM Agent Controller package
  • Agent Proxy
  • Agent Controller

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Apply stability improvements for S3 uploads and downloads
  • Improve Helm Chart compatibility across Kubernetes platforms including Red Hat OpenShift (ROSA)

Oracle Database support enters beta with new process-based identifiers

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • VM Agent Proxy package
  • VM Agent Controller package
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Injector
  • Agent Proxy
  • Agent Controller

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Oracle Database protocol support (Limited Beta)
  • Support Process Command Line and Process Path client workload identification

Aembit’s Agent Proxy now supports the Oracle Database application protocol in Limited Beta. This enables Aembit to manage access for client workloads connecting to Oracle databases by intercepting the TNS wire protocol and injecting credentials transparently.

Key capabilities:

  • Username/password credential injection for Oracle 19c and 21c databases (12C password verifier only)
  • Support for thin Oracle clients (Java, Python), with experimental thick client support
  • Tested with AWS RDS for Oracle and containerized Oracle environments
  • Transparent steering on Linux VM deployments

For setup instructions, see the Oracle Database Server Workload guide. For an overview of how Oracle protocol support works, see About Oracle Databases.


Aembit’s Agent Proxy now supports Process Command Line and Process Path as Client Workload identifiers. These identifiers allow you to identify client workloads based on their full command line or executable path, providing more granular control over which applications can access your protected resources.

Key capabilities:

  • Process Command Line: Identify workloads by the full command used to start them, including arguments. Supports wildcard matching to target specific arguments (for example, *--env production*).
  • Process Path: Identify workloads by the exact filesystem path of the executable.
  • Combine with other identifiers like Process Name and Process User Name for precise matching.
  • Supports Linux virtual machine deployments.

For configuration details, see Process Command Line and Process Path.
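
The example pattern above, `*--env production*`, is a glob with a trailing wildcard, which means it also accepts any suffix after `production`. The following added example (not Aembit's matching code) shows that over-match on constructed sample processes and the tighter combination of Process Path, Process User Name and an end-anchored command-line pattern. The identifier semantics are assumed: every populated field must match, Process Command Line is a glob, the other fields are exact. `read_process_info` collects the same attributes from `/proc` on Linux and is included so the model can be pointed at a live process.

```python
"""Client Workload identification by process attributes on Linux.

Added example, not Aembit's matching code.
"""
import fnmatch
import os
import pwd
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcessInfo:
    pid: int
    path: str      # resolved executable path (target of /proc/<pid>/exe)
    name: str      # basename of path
    user: str      # owner of the process
    cmdline: str   # argv joined with single spaces


def read_process_info(pid: int) -> ProcessInfo:
    """Collect the attributes from /proc. Needs permission to read the target's entries."""
    path = os.readlink(f"/proc/{pid}/exe")
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        argv = f.read().split(b"\0")
    cmdline = " ".join(a.decode("utf-8", "replace") for a in argv if a)
    user = pwd.getpwuid(os.stat(f"/proc/{pid}").st_uid).pw_name
    return ProcessInfo(pid, path, os.path.basename(path), user, cmdline)


@dataclass(frozen=True)
class ClientWorkloadIdentifier:
    process_path: Optional[str] = None
    process_name: Optional[str] = None
    process_user_name: Optional[str] = None
    process_command_line: Optional[str] = None  # glob, e.g. "*--env production*"

    def matches(self, p: ProcessInfo) -> bool:
        """AND semantics (assumed): every populated field must match."""
        if self.process_path is not None and p.path != self.process_path:
            return False
        if self.process_name is not None and p.name != self.process_name:
            return False
        if self.process_user_name is not None and p.user != self.process_user_name:
            return False
        if self.process_command_line is not None and not fnmatch.fnmatchcase(
                p.cmdline, self.process_command_line):
            return False
        return True


def select_pids(processes: List[ProcessInfo], ident: ClientWorkloadIdentifier) -> List[int]:
    return [p.pid for p in processes if ident.matches(p)]


# Constructed sample processes (not real observations).
SAMPLE = [
    ProcessInfo(101, "/usr/bin/python3", "python3", "billing",
                "/usr/bin/python3 -m billing --env production"),
    ProcessInfo(102, "/usr/bin/python3", "python3", "billing",
                "/usr/bin/python3 -m billing --env production-canary"),
    ProcessInfo(103, "/home/dev/venv/bin/python3", "python3", "dev",
                "/home/dev/venv/bin/python3 -m billing --env production"),
    ProcessInfo(104, "/usr/bin/python3", "python3", "billing",
                "/usr/bin/python3 -m billing --env staging"),
]

# The pattern from the release notes: hits the intended process, but also the
# canary and the developer's private copy, because the trailing * accepts any suffix.
LOOSE = ClientWorkloadIdentifier(process_command_line="*--env production*")

# Pin the executable path and owner, and anchor the argument at the end of the line.
TIGHT = ClientWorkloadIdentifier(process_path="/usr/bin/python3",
                                 process_user_name="billing",
                                 process_command_line="* --env production")
```

A process can rewrite its own argv after start (that is how tools set a custom process title), so the command line is an attribute under the workload's own control; the executable path and the owning user are set by the kernel and are the stronger part of the combination.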

MCP Identity Gateway enters beta with MCP Server and component copying

Aembit now offers an MCP Identity Gateway (Beta) that sits between AI agents and MCP servers, enforcing Access Policies, performing secure token exchange, and providing visibility into MCP activity. Deployed on a Linux VM, the Gateway ensures AI agents never hold direct credentials for enterprise systems.

Key capabilities:

  • Proxies MCP traffic with identity-aware policy enforcement
  • Performs secure token exchange using OAuth 2.0 and API key credentials
  • Provides per-user credential management and centralized MCP routing
  • Logs agent identity, user identity, and policy decisions for auditability
  • Fail-closed behavior—denies access by default unless explicitly allowed

For setup instructions and architecture details, see MCP Identity Gateway.


Aembit now provides an MCP Server that enables AI agents and users to query Aembit event logs using structured commands. Built on the Model Context Protocol specification, the MCP Server enables agentic observability and auditability for organizations using Aembit.

Key capabilities:

  • Query audit logs, authorization events, and workload events
  • Integrations with MCP Inspector, Claude Code, GitHub Copilot, and Visual Studio
  • Resource-set-based access scoping for least-privilege access
  • Read-only access—no create, update, or delete operations
  • Full audit trail of all MCP Server queries

For setup and connection guides, see Aembit MCP Server.


Aembit has added a new MCP User-Based Access Token Credential Provider type. This type enables per-user OAuth credentials for MCP servers using the OAuth 2.0 Authorization Code flow. The MCP Identity Gateway manages user-specific tokens when connecting to downstream MCP servers.

Key capabilities:

  • OAuth 2.0 Authorization Code flow with Proof Key for Code Exchange (PKCE) support
  • MCP Server URL discovery with auto-population of OAuth endpoints
  • Per-user credential scoping
  • Token introspection and lifetime management

For configuration details, see MCP User-Based Access Token Credential Provider.


Aembit now supports component copying between Resource Sets. You can replicate Access Policy components—including Client Workloads, Server Workloads, Trust Providers, Credential Providers, and Access Conditions—from one Resource Set to another. You can also copy entire Access Policies with all related components at once.

Key capabilities:

  • Copy individual components or entire Access Policies between Resource Sets
  • Each copy receives a unique identifier while the original remains unchanged
  • Supports environment promotion, regional deployments, and safe experimentation

For details, see About component copying and Copy components.

Edge components release with S3 streaming and Secrets Manager improvements

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • Agent Proxy

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Improved AWS S3 upload streaming signature support
  • AWS Secrets Manager Private Network Access username/password credential support (requires Agent Proxy 1.28)

Aembit has improved Agent Proxy’s AWS S3 upload support with enhanced streaming signature handling. Agent Proxy 1.28 addresses limitations from the 1.27 release related to streaming signed payloads.

Key capabilities:

  • Improved handling of aws-chunked content encoding for streaming uploads
  • Better compatibility with AWS SDK streaming operations
  • Enhanced request signing for chunked transfer encoding

For complete documentation, see How Aembit uses AWS SigV4 and SigV4a.


The AWS Secrets Manager Credential Provider with Private Network Access now supports username/password credentials. This extends the PNA capability introduced in Agent Proxy 1.27 to include secrets stored as username/password pairs.

Requirements:

  • Agent Proxy 1.28 or later

For configuration details, see AWS Secrets Manager Credential Provider.

Aembit has released new versions of the following components and packages:

  • VM Agent Proxy package
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Proxy

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Added private network access support for HTTP Basic Auth Credential Providers using AWS Secrets Manager.
  • Added process name and process username as Client Workload Identifiers.
  • Extended AWS S3 support to include all SigV4 headers, enabling required signing type specification.

GitHub Action, MCP Authorization Server beta, and Access Policy Builder now available

Aembit now provides an official GitHub Action for injecting credentials into your CI/CD workflows. The action retrieves credentials from Aembit and makes them available to subsequent steps in your workflow.

Key capabilities:

  • Retrieve credentials using workload identity federation with GitHub’s OIDC tokens
  • Support for AWS, Azure, database, and API key credential types
  • Automatic credential masking in workflow logs

For setup instructions, see the GitHub Actions tutorial. For usage examples with different credential types, see the how-to guide.


Aembit now supports Private Network Access (PNA) for the AWS Secrets Manager Credential Provider. This allows your Aembit Edge components (Aembit CLI or Agent Proxy) to retrieve secrets directly from AWS Secrets Manager instances in private networks, such as AWS VPCs with private endpoints.

Key capabilities:

  • Retrieve secrets from AWS Secrets Manager without exposing your VPC to the public internet
  • Works with both Aembit CLI and Agent Proxy deployments
  • No changes required to your existing AWS IAM policies or VPC endpoint configuration

For configuration details, see Private Network Access for Credential Providers and AWS Secrets Manager Credential Provider.


Aembit has released the MCP Authorization Server (beta), which secures Model Context Protocol (MCP) workloads using OAuth 2.1 authorization flows. This enables you to apply Aembit Access Policies to AI agents and MCP clients, controlling which users can access which MCP servers.

Beta feature

The MCP Authorization Server is currently in beta. Contact your Aembit representative to request access.

Key capabilities:

  • OAuth 2.1 authorization code flow implementation for MCP-compliant workloads
  • Dynamic Client Registration support for tools like Claude Desktop and Gemini CLI
  • Integration with OIDC and SAML identity providers for user authentication
  • Access Policies with time and location-based conditions
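
Both the MCP User-Based Access Token Credential Provider above (Authorization Code with PKCE) and the MCP Authorization Server (OAuth 2.1 authorization code flow) rest on the same exchange: the client commits to a `code_challenge` when it requests a code and must later present the matching `code_verifier` to redeem it. The following is an added example of that exchange on both sides and not Aembit's code; the client id, the redirect URI, the 300-second token lifetime and the in-memory `AuthorizationServer` are constructed for the demonstration. The redirect-URI check mirrors the Redirect URI client identifier type used for MCP Client Workloads.

```python
"""Authorization-code flow with PKCE (RFC 7636, S256), client and server side.

Added example, not Aembit's MCP Authorization Server.
"""
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # RFC 7636 requires 43..128 unreserved characters; 32 random bytes encode to 43.
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Minimal in-memory server side. Only S256 is accepted: the 'plain' method
    sends the verifier itself as the challenge and protects nothing."""

    def __init__(self):
        self._pending = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge, code_challenge_method):
        # In the real flow the user is sent to the identity provider here (or, with
        # Enforce SSO off, that step is skipped) before a code is issued.
        if code_challenge_method != "S256":
            raise ValueError("code_challenge_method must be S256")
        code = secrets.token_urlsafe(24)
        self._pending[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, code, client_id, redirect_uri, code_verifier):
        entry = self._pending.pop(code, None)  # authorization codes are single-use
        if entry is None:
            return {"error": "invalid_grant"}
        cid, ruri, challenge = entry
        if cid != client_id or ruri != redirect_uri:
            return {"error": "invalid_grant"}
        if not secrets.compare_digest(code_challenge_s256(code_verifier), challenge):
            return {"error": "invalid_grant", "error_description": "PKCE verification failed"}
        return {"access_token": secrets.token_urlsafe(32),
                "token_type": "Bearer", "expires_in": 300}


def run_flow(server, client_id="mcp-client-example",
             redirect_uri="http://127.0.0.1:6274/oauth/callback", verifier=None):
    """Client side: mint a verifier, obtain a code bound to its challenge, redeem it.
    Passing a wrong `verifier` shows what a party that only captured the code gets."""
    real_verifier = new_code_verifier()
    code = server.authorize(client_id, redirect_uri,
                            code_challenge_s256(real_verifier), "S256")
    return server.token(code, client_id, redirect_uri,
                        real_verifier if verifier is None else verifier)
```

The first assertion in the accompanying check uses the verifier/challenge pair from RFC 7636 Appendix B, so the transform can be compared against the standard directly.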

Aembit has redesigned the Access Policy creation experience with the new Access Policy Builder. The builder provides a card-based interface that guides you through configuring each component of an Access Policy.


Key capabilities:

  • Visual card-based navigation for policy components
  • Inline creation of Client Workloads, Server Workloads, Trust Providers, and other components
  • Clear indicators for required, recommended, and optional components based on Global Policy Compliance settings

To use the new builder, enable Use new access policy in your user profile preferences. For a walkthrough, see Create an Access Policy.

Edge components release with AWS S3 uploads and multiple AWS STS support

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • Agent Proxy
  • AWS Lambda Extension
  • AWS Lambda Layer

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Support AWS S3 upload request workloads
  • Support multiple AWS STS Credential Providers in a single Access Policy via Access Key ID mapping

Aembit’s Agent Proxy now supports AWS S3 file uploads. Agent Proxy transparently handles S3’s complex signing requirements, including detecting client signatures, re-signing requests with injected credentials, and streaming large file uploads.

Key capabilities:

  • Automatic detection of S3 signing methods using the x-amz-content-sha256 header
  • Support for unsigned payloads, streaming signatures, and standard SigV4 signing
  • Transparent credential injection without client-side configuration changes

For the known limitations in this release, with workarounds, and the complete documentation, see How Aembit uses AWS SigV4 and SigV4a.


Aembit now supports multiple AWS Security Token Service (STS) Credential Providers within a single Access Policy. This feature enables a single Client Workload to access multiple AWS resources, each requiring different IAM roles, without creating separate Access Policies.

Key capabilities:

  • Access Key ID selectors for automatic Credential Provider matching
  • Simplified policy management with multiple AWS STS Credential Providers per Access Policy
  • Seamless credential injection for applications accessing different AWS services

Minimum Edge Component versions required:

  • Agent Proxy 1.27.3865
  • Agent Controller 1.27.2906

For complete documentation, see Using multiple AWS STS Credential Providers.
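
The two S3 items on this page (detecting how the client signed the payload, including the `aws-chunked` streaming modes refined in Agent Proxy 1.28) and the Access Key ID mapping above both start from the same step: reading the request the proxy sees before it re-signs anything. The following added example (not Agent Proxy code) parses the `Authorization` header to find the access key id the client signed with, so a proxy can pick the Credential Provider that selector maps to, and classifies `x-amz-content-sha256` to decide what has to be recomputed with the injected credential. The header values are the ones S3 documents; the provider mapping, the placeholder access key ids and the two sample requests are constructed.

```python
"""Inspecting an S3 SigV4 request the way a credential-injecting proxy has to:
which access key id signed it (to select the matching AWS STS Credential
Provider) and how the payload is signed (to decide what must be re-signed).

Added example, not Agent Proxy code.
"""
import re
from dataclasses import dataclass

SIGV4, SIGV4A = "AWS4-HMAC-SHA256", "AWS4-ECDSA-P256-SHA256"
UNSIGNED = "UNSIGNED-PAYLOAD"
STREAMING = {  # aws-chunked modes -> what a proxy has to recompute with the injected key
    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD": "seed signature and every chunk signature",
    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER": "seed, chunk and trailer signatures",
    "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD": "seed and chunk signatures (SigV4a)",
    "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD-TRAILER": "seed, chunk and trailer signatures (SigV4a)",
    "STREAMING-UNSIGNED-PAYLOAD-TRAILER": "seed signature only; chunks themselves are unsigned",
}
HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")


@dataclass(frozen=True)
class SignedRequest:
    algorithm: str
    access_key_id: str
    provider: str         # Credential Provider selected by the access key id
    signed_headers: tuple
    payload_mode: str     # "unsigned" | "single" | "streaming"
    resign: str           # what the proxy recomputes after swapping credentials


def parse_authorization(value):
    """Split a SigV4/SigV4a Authorization header into (algorithm, access key id, signed headers)."""
    algorithm, _, rest = value.partition(" ")
    if algorithm not in (SIGV4, SIGV4A):
        raise ValueError(f"not a SigV4 request: {algorithm!r}")
    fields = dict(part.strip().split("=", 1) for part in rest.split(","))
    scope = fields["Credential"].split("/")
    # SigV4 scope is AKID/date/region/service/aws4_request; SigV4a has no region.
    if scope[-1] != "aws4_request" or len(scope) not in (4, 5):
        raise ValueError("malformed credential scope")
    signed = tuple(fields["SignedHeaders"].split(";"))
    if "host" not in signed:
        raise ValueError("host must be a signed header")
    return algorithm, scope[0], signed


def classify_payload(headers):
    """Map x-amz-content-sha256 (plus content-encoding) to a payload mode and re-sign plan."""
    value = headers.get("x-amz-content-sha256")
    if value is None:
        raise ValueError("S3 SigV4 requests must carry x-amz-content-sha256")
    if value == UNSIGNED:
        return "unsigned", "headers only; the body is not covered and passes through"
    if value in STREAMING:
        if "aws-chunked" not in headers.get("content-encoding", ""):
            raise ValueError("streaming payload mode without aws-chunked encoding")
        return "streaming", STREAMING[value]
    if HEX_SHA256.match(value):
        return "single", "headers only; the body hash is fixed in the header"
    raise ValueError(f"unknown x-amz-content-sha256 value {value!r}")


def inspect_request(raw_headers, providers):
    """`providers` maps the placeholder access key id the client signed with to the
    AWS STS Credential Provider chosen for it (the Access Key ID selector)."""
    headers = {k.lower(): v for k, v in raw_headers.items()}
    algorithm, akid, signed = parse_authorization(headers["authorization"])
    if akid not in providers:
        raise LookupError(f"no Credential Provider selects access key id {akid}")
    mode, resign = classify_payload(headers)
    return SignedRequest(algorithm, akid, providers[akid], signed, mode, resign)


# Constructed sample requests as seen by the proxy (key ids and signatures are dummies).
PROVIDERS = {"AKIAPLACEHOLDER0PROD": "aws-sts-prod-uploader",
             "AKIAPLACEHOLDER00DEV": "aws-sts-dev-reader"}
CHUNKED_PUT = {
    "Host": "uploads.s3.us-east-1.amazonaws.com",
    "Authorization": "AWS4-HMAC-SHA256 Credential=AKIAPLACEHOLDER0PROD/20240115/us-east-1/s3/aws4_request, "
                     "SignedHeaders=content-encoding;host;x-amz-content-sha256;x-amz-date;"
                     "x-amz-decoded-content-length, Signature=" + "0" * 64,
    "Content-Encoding": "aws-chunked",
    "x-amz-content-sha256": "STREAMING-AWS4-HMAC-SHA256-PAYLOAD",
    "x-amz-decoded-content-length": "1048576",
}
PLAIN_GET = {
    "Host": "uploads.s3.us-east-1.amazonaws.com",
    "Authorization": "AWS4-HMAC-SHA256 Credential=AKIAPLACEHOLDER00DEV/20240115/us-east-1/s3/aws4_request, "
                     "SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=" + "0" * 64,
    "x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
```

The hex value in `PLAIN_GET` is SHA-256 of an empty body, which is what a signed GET carries. A request whose access key id maps to no provider is refused rather than signed with a default, which is the fail-closed choice a proxy in this position should make.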


Aembit has expanded the Server Workload documentation with new guides covering architecture patterns, credential lifecycle management, developer integration, and troubleshooting. These resources help you understand how Aembit manages credentials for your Server Workloads and provide guidance for integrating Aembit into your applications.

New and updated Server Workload guides:

  • NEW Microsoft Entra ID - Authenticate to Entra ID-protected resources using Azure Entra Workload Identity Federation or OAuth interception
  • UPDATED AWS services - Authenticate to AWS services using AWS Security Token Service (STS) Credential Providers and SigV4 signing

Azure Key Vault Credential Provider and OIDC SSO now available

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • Agent Proxy
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Injector

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Azure Key Vault Private Network Access: Added support for accessing Azure Key Vault instances configured with private network endpoints
  • Performance Improvements: Enhanced performance for Secure Parameter Exchange (SPE) Postgres database operations
  • Dependency Updates: Updated multiple project dependencies to their latest stable versions
  • Rust and Hyper Upgrade: Upgraded to Rust 1.89.0 and introduced the hyper HTTP library for improved performance and security
  • Logging Enhancements: Internal improvements to logging functionality for better observability and debugging

Aembit has released the new Azure Entra Federation Credential Provider Integration and Azure Key Vault Credential Provider.

Together, they enable you to retrieve secrets from Azure Key Vault directly through Aembit using Azure’s Workload Identity Federation.

The Azure Entra Federation integration leverages OpenID Connect (OIDC) standards to authenticate with Azure Entra without requiring long-lived secrets or static credentials. This allows Aembit to securely access your Azure Key Vault instances using short-lived, federated tokens.

The Azure Key Vault Credential Provider supports:

  • Single value credentials (API keys, tokens)
  • Username/Password credentials
  • Both public and private network access scenarios
  • Policy-driven access controls and centralized auditing

See Azure Entra Federation Credential Provider Integration and Azure Key Vault Credential Provider to learn more.


You can now configure OIDC 1.0 Identity Providers for administrator Single Sign-On (SSO) authentication. This enables you to use OIDC-compliant identity providers such as Okta, Azure AD, and Auth0 to simplify the Aembit Tenant login process for your users. With OIDC support, you can leverage your existing identity infrastructure for secure, standardized authentication to the Aembit administrative console.

For more information, see Create an OIDC Identity Provider.

Faster, more reliable Agent Controller cloud detection and attestation

Aembit has applied performance enhancements to Agent Controller in this release, including:

  • improved cloud environment detection and attestation, making Agent Controller onboarding faster and more reliable across AWS and Azure
  • improved logging around TLS-related errors
  • deprecated the AEMBIT_HTTP_DISABLED environment variable (HTTP is now disabled when TLS is enabled)

For the latest available versions of these components, see the Edge Components Supported Versions page.

Edge components release with OpenShift support and AWS Secrets Manager private network access

Aembit has updated Aembit Edge Components to include the latest versions of Agent Proxy, Sidecar Init, and the Aembit Helm chart. These updates include support for:

  • Official Red Hat OpenShift and OpenShift Service on AWS (ROSA) support for Agent Proxy and Sidecar Init, including SecurityContextConstraint configurations and deployment best practices. See OpenShift deployment guide.
  • AWS Secrets Manager private network access for Aembit CLI and Agent Proxy.
  • Aembit CLI CrowdStrike support.
  • Enhanced Helm chart with support for custom annotations on Kubernetes resources. See Helm chart configuration options.
  • New guide for managing Agent Injector TLS certificates in Kubernetes deployments. See Managing Agent Injector certificates.
  • Support for volume-mounted certificates in Aembit Edge Components.
  • Security and performance enhancements.

Updated Edge Components:

  • Agent Proxy 1.25.3494
  • Sidecar Init 1.25.127
  • Helm Chart 1.25.494

See Edge Components supported versions for more details.


Aembit has added Private Network Access to the AWS Secrets Manager Credential Provider. This feature allows you to securely access AWS Secrets Manager secrets from Aembit Edge Components running in private networks, such as AWS VPCs, without exposing them to the public internet.

When you enable Private Network Access, the Aembit CLI or Agent Proxy retrieves secrets from AWS Secrets Manager directly over the private network path, so the secrets never have to cross the public internet.

See AWS Secrets Manager Credential Provider for more details on how to configure this feature.


GitLab CI/CD Component, OIDC dynamic claims, and CrowdStrike conditions now available

The Aembit Edge GitLab CI/CD Component is now available to simplify Aembit integration within your pipelines. Find the component in the GitLab CI/CD Catalog and learn how to use it in the component documentation.


The OIDC ID Token Credential Provider now supports dynamic claims, allowing you to extract values from the workload's OIDC token and use them in the credential data. This lets you build context-aware credentials that reflect the workload's identity and attributes as carried in its original OIDC token.

See OIDC ID Token Dynamic Claims for more information.


Aembit has added two new Access Conditions for CrowdStrike:

  • MAC Address - Ensures the CrowdStrike Agent Host MAC Address matches the Host MAC Address that Agent Proxy retrieved.
  • Local IP Address - Ensures the CrowdStrike Agent Host Local IP Address matches the Host Local IP Address that Agent Proxy retrieved.

See Create Access Conditions for CrowdStrike to learn how to create Access Conditions for CrowdStrike.

Aembit CLI, AWS Secrets Manager, and Jenkins Pipelines now available

Aembit has released the new AWS IAM Role Credential Provider Integration and Secrets Manager Credential Provider. Together, they enable you to retrieve secrets from AWS Secrets Manager directly through Aembit.

See AWS IAM Role Credential Provider Integration and AWS Secrets Manager Credential Provider to learn more.


Aembit has released the Aembit CLI, a command-line interface that injects Aembit-managed credentials into your CI/CD pipelines. It is compatible with GitLab, GitHub, and now Jenkins.

Check out the Aembit CLI Guide to get started with the Aembit CLI!
Also, see Aembit Edge on CI/CD services for more information on how to use Aembit CLI with your CI/CD pipelines.


Aembit has released support for Jenkins Pipelines to help you integrate Aembit into your Jenkins CI/CD workflows. This integration allows you to securely retrieve and use Aembit-managed credentials directly in your Jenkins Pipelines, streamlining your CI/CD processes and enhancing security.

Check out Jenkins Pipelines to learn more about how to use Aembit with Jenkins Pipelines.


Aembit now supports Server Workloads with a wildcard hostname.

One Server Workload definition can then cover every host whose name matches the pattern, instead of a separate definition per host.


As of Agent Controller version 1.24.xxxx, Aembit has enhanced Agent Controller to automatically close insecure HTTP ports when you enable TLS. This update streamlines security by ensuring only encrypted connections are active.

When you enable TLS, Agent Controller now automatically:

  • Opens Secure Ports: 443 (or 5443 on VMs) and the secure Prometheus port 9091.
  • Closes Insecure Ports: 80 (or 5000 on VMs) and the insecure Prometheus port 9090.

This automation removes the manual step of closing insecure, vulnerable ports, preventing potential misconfigurations and enforcing a more secure, “secure-by-default” posture.


Aembit has applied security enhancements to Agent Controller version 1.24.2485 in this release, including:

  • Disabling insecure HTTP ports when you enable TLS.

Updated Edge Components:

  • Agent Controller

Updated Edge Packages:

  • Helm Chart

  • Terraform ECS module

See Edge Components supported versions for more details.

Discovery filtering and OIDC ID Token Trust Provider now available

Aembit has added more advanced filtering options to the Discovered tab for Client and Server Workloads. This enables you to find specific discovered workloads based on the criteria you filter.


See Filtering Discovered Workloads for more info.


Aembit has added the OIDC ID Token Trust Provider. This Trust Provider is Aembit’s solution for authenticating workloads using standard OIDC ID tokens. It validates incoming tokens against specific issuer, audience, and subject claims, giving you maximum flexibility to integrate with virtually any OIDC-compliant identity provider for secure, token-based workload access.

See OIDC ID Token Trust Provider for more info.
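
The checks an OIDC ID Token Trust Provider has to make before trusting a token are a fixed sequence: pin the algorithm, verify the signature, then compare issuer, audience and subject and check the time claims. The following is an added example of that sequence and not Aembit's code. It uses HS256 with a constructed shared key so that it runs on the Python standard library alone; real issuers such as GitHub Actions, Okta or Entra ID sign with asymmetric keys published at their JWKS endpoint, and only the signature step would change. The issuer URL is GitHub Actions' real OIDC issuer, the `sub` format is GitHub's, and the audience, key and timestamps are constructed.

```python
"""Validating an OIDC ID token: pinned algorithm, signature, then issuer,
audience, subject and time claims.

Added example, not Aembit's code. HS256 with a shared key is used only so the
demo needs no third-party library; the claim checks are the same for RS256/ES256.
"""
import base64
import hashlib
import hmac
import json
import time


class TokenRejected(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """The issuer's job; included only to build input for the validator."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_id_token(token, key, *, issuer, audience, subject=None, now=None, leeway=30):
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm: the token's own header must never choose the verifier,
    # otherwise alg=none or a key-confusion token bypasses the signature check.
    if header.get("alg") != "HS256":
        raise TokenRejected(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise TokenRejected("signature mismatch")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != issuer:
        raise TokenRejected("issuer mismatch")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if audience not in aud:
        raise TokenRejected("audience mismatch")
    if subject is not None and claims.get("sub") != subject:
        raise TokenRejected("subject mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("token expired or missing exp")
    if "nbf" in claims and now + leeway < claims["nbf"]:
        raise TokenRejected("token not yet valid")
    return claims


def rejects(token, key, **checks) -> bool:
    """True if validate_id_token refuses the token under the given checks."""
    try:
        validate_id_token(token, key, **checks)
    except TokenRejected:
        return True
    return False
```

Checking `sub` exactly is what ties a credential to one workload (for GitHub Actions, one repository and ref); a Trust Provider that only checked `iss` and `aud` would accept a token from any repository on the same issuer.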


Aembit has applied security and performance enhancements to Agent Proxy version 1.24.3324 in this release.

Updated Edge Components:

  • Agent Proxy

Updated Edge Packages:

  • Helm Chart

  • Terraform ECS module

  • AWS Lambda Extension

See Edge Components supported versions for more details.