Skip to content
Releases GitHub

Changelog — Agent Controller Enhancements

Subscribe with RSS

Agent Controller
Enhancement
Clear all

Edge components release with reliability and CLI enhancements

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • VM Agent Controller package
  • Agent CLI
  • AWS Lambda Extension
  • AWS Lambda Layer
  • Agent Proxy

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • X.509-SVID retrieval through Aembit CLI: The aembit credentials get command now accepts --client-tls-private-key to retrieve a SPIFFE-compliant X.509-SVID certificate from the existing X.509-SVID Credential Provider. You supply a PEM-encoded private key; Aembit CLI generates the certificate signing request locally and returns the signed chain in CLIENT_CERT_CHAIN, and the private key never leaves the local machine.
  • Configurable gRPC keep-alives: Two optional environment variables, AEMBIT_TENANT_GRPC_PING_INTERVAL_SECS and AEMBIT_TENANT_GRPC_PING_TIMEOUT_SECS, let Agent Proxy send keep-alives on its connection to your Tenant so it detects a dead connection and reconnects faster. They’re off by default and useful for networks, such as a Secure Web Gateway, that stall idle connections.
  • CA certificate configuration for the Cloud connection: AGENT_TRUST_PATH again lets you supply a custom CA certificate for the Agent Proxy’s connection to the Aembit Cloud, which is useful when an inspecting proxy terminates TLS on outbound traffic.
  • Configurable HTTP idle timeout on Windows: The Windows installer now exposes AEMBIT_HTTP_IDLE_TIMEOUT_SECS, letting you tune the idle timeout for HTTP/1.1 connections handled by the Agent Proxy.
  • Caching enhancements: Improvements to credential caching across the Agent Proxy and Aembit CLI.
  • Improved upstream proxy diagnostics: When the Agent Proxy can’t reach a configured upstream HTTP proxy, logs now include the full error source chain instead of a generic connection error, making a misconfigured upstream proxy easier to diagnose.
  • General improvements: Stability, robustness, and dependency updates across edge components, including improved hardware-identification handling during process identification on Linux virtual machines.
Tags:

Edge components release with S3 stability and OpenShift improvements

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS module
  • VM Agent Proxy package
  • VM Agent Controller package
  • Agent Proxy
  • Agent Controller

For the latest available versions of these components, see the Edge Components Supported Versions page.

Key Updates:

  • Apply stability improvements for S3 uploads and downloads
  • Improve Helm Chart compatibility across Kubernetes platforms including Red Hat OpenShift (ROSA)
Tags:

Faster, more reliable Agent Controller cloud detection and attestation

Aembit has applied performance enhancements to Agent Controller in this release, including:

  • improved cloud environment detection and attestation, making Agent Controller onboarding faster and more reliable across AWS and Azure
  • improved logging around TLS-related errors
  • deprecated the AEMBIT_HTTP_DISABLED environment variable (HTTP is now disabled when TLS is enabled)

For the latest available versions of these components, see the Edge Components Supported Versions page.

Tags:

Aembit CLI, AWS Secrets Manager, and Jenkins Pipelines now available

Aembit has released the new AWS IAM Role Credential Provider Integration and Secrets Manager Credential Provider. Together, they enable you to retrieve secrets from AWS Secrets Manager directly through Aembit.

See AWS IAM Role Credential Provider Integration and AWS Secrets Manager Credential Provider to learn more.

Aembit has released the Aembit CLI, a command-line interface that allows you to inject credentials into your CI/CD pipelines. Compatible with GitLab, GitHub, and now Jenkins.

Check out the Aembit CLI Guide to get started with the Aembit CLI!
Also, see Aembit Edge on CI/CD services for more information on how to use Aembit CLI with your CI/CD pipelines.

Aembit has released support for Jenkins Pipelines to help you integrate Aembit into your Jenkins CI/CD workflows. This integration allows you to securely retrieve and use Aembit-managed credentials directly in your Jenkins Pipelines, streamlining your CI/CD processes and enhancing security.

Check out Jenkins Pipelines to learn more about how to use Aembit with Jenkins Pipelines.

Aembit now supports Server Workloads with a wildcard hostname.

This enables you to simplify your server workloads in a flexible and well defined manner.

As of Agent Controller version 1.24.xxxx, Aembit has enhanced Agent Controller to automatically close insecure HTTP ports when you enable TLS. This update streamlines security by ensuring only encrypted connections are active.

When you enable TLS, Agent Controller now automatically:

  • Opens Secure Ports: 443 (or 5443 on VMs) and the secure Prometheus port 9091.
  • Closes Insecure Ports: 80 (or 5000 on VMs) and the insecure Prometheus port 9090.

This automation removes the manual step of closing insecure, vulnerable ports, preventing potential misconfigurations and enforcing a more secure, “secure-by-default” posture.

Aembit has applied security enhancements to Agent Controller version 1.24.2485 in this release, including:

  • Disabling insecure HTTP ports when you enable TLS.

Updated Edge Components:

  • Agent Controller

Updated Edge Packages:

  • Helm Chart

  • Terraform ECS module

See Edge Components supported versions for more details.

Tags:

Improved Agent Controller TLS reporting and environment variable logging

Aembit has released a new version of Agent Controller, version 1.23.2263, with the following changes:

  • Enhanced TLS certificate status reporting with improved retry and error handling.

  • Added comprehensive logging for environment variable configuration with sensitive data masking for secure review.

Updated Edge Components:

  • Agent Controller

Updated Edge Packages:

  • Helm Chart

  • VM Agent Controller package

  • Terraform ECS module

See Edge Components supported versions for more details.

Tags:

Allowed TLS Hostname now configurable for Agent Controller

Agent Controllers now support Allowed TLS Hostname as a configurable field in your Aembit Tenant:

Create an Agent Controller with TLS Hostname field

Allowed TLS Hostname serves the same purpose as the AEMBIT_MANAGED_TLS_HOSTNAME Agent Controller environment variable.

Configuring an Allowed TLS Hostname allows you to specify which domain name Aembit Managed TLS includes in the TLS certificate. This makes sure secure connections from your Agent Proxies are only valid when using this exact domain name to reach your Agent Controller, enhancing security without restricting which Agent Proxies can communicate with it.

To configure your Agent Controller with an allowed TLS hostname, see How to create and Agent Controller or Configure Agent Controller TLS with Aembit’s PKI.

Tags:

Real-time Agent Controller health monitoring now available

Aembit has released two new updates and improvements to Aembit components:

  • Agent Controller functionality has been enhanced to enable real-time monitoring and status of Agent Controllers in the Aembit Tenant.
  • Aembit Edge Components and packages have been updated to the latest versions.

Agent Controller Real-Time Health Status and Health Update

You may now view the real-time health status of Agent Controllers in the Aembit Tenant.

For more information on how to check the health status of Agent Controllers, please see the Tenant Health Check page.

Edge Components Update

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • Agent Controller

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Tags:

Aembit PKI Agent Controller TLS now available for Kubernetes and virtual machines

Aembit regularly releases updates to Aembit components and packages to improve overall performance of your environment.

The following updates have been released:

  • Aembit Edge Component Updates
  • Agent Controller PKI-Based TLS Support for Kubernetes and virtual machines

Aembit Edge Component Updates

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • AWS Lambda Extension

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Agent Controller PKI-Based TLS Support for Kubernetes and virtual machine Deployments

Aembit has extended the Aembit PKI-based Agent Controller TLS functionality beyond just ECS deployment models to include Kubernetes and virtual machine deployments.

  • For Kubernetes deployments, if the Customer’s PKI-based Agent Controller is already configured, it will remain unchanged. Otherwise, Aembit’s PKI-based Agent Controller TLS is enabled by default.

  • For virtual machine deployments, you need to configure Aembit’s PKI-based Agent Controller TLS manually.

Tags:

Aembit Edge Terraform module and ECS TLS support now available

Aembit has released two major enhancements to Aembit Edge Components: Aembit Edge Terraform Module for AWS ECS, and ECS TLS support.

Aembit ECS Terraform Registry

Aembit releases updates to the Aembit ECS Terraform Registry on a regular basis to provide users with additional features and functionality, including improvements to Agent Proxy and Agent Controller.

For more information on the latest ECS Terraform Registry release, please see the Aembit Terraform Registry page.

ECS TLS Support

Aembit has released an ECS deployment enhancement that enable Transport Layer Security (TLS) between the Agent Proxy and Agent Controller using Aembit-provided Private Key Infrastructure (PKI).

There is no option to use your own PKI for ECS deployments.

Tags:
Copyright © 2026. All rights reserved.Privacy PolicyTerms of ServiceTrust CenterContact Aembit