CyberArk has released a new version of Conjur that reached the 13.0 version.
Besides the usual bugfixes compared to the 12.9, some nice new features have been added:
Conjur followers data segregation: until this version, all the followers contained as default the full replica of all secrets contained in Conjur. Starting from this version, it's possible to define a "replication-set" that defines only a subset of secrets that will be replicated to the desired follower, reducing the possible attack surface, great! Some restrictions and best practices must be considered, so if you are interested, I suggest you read the related documentation page.
Central Policy Manager can manage password rotation policy for Conjur Hosts and Users: CyberArk has released new plugins to permit the management of these passwords directly with CPM. This greatly improves the quality of life for the Admins and CISO. For further details, check this page.
CyberArk Vault Synchronizer improvement: with this update, the default synchronization time has been updated to 1 min instead of the usual 5. This update lets us have an instant sync between Vault and Conjur.
Log in to Conjur using OIDC: this feature was one of the most requested by our customers! With this new release, CyberArk added the capability to log in to the Conjur UI and CLI using OIDC credentials. This permit customers to set up an SSO without adding any new credential. This greatly improves the quality of life for the Admins and CISO. To learn more about OIDC, check this page.
Secrets Provider for Kubernetes supports encoded secret value: if you are using the Kubernetes secrets provider to populate Kubernetes secrets to be consumed from the workloads, not are also supported secrets encoded in base64 inside Conjur. To learn more about this feature, check this page.
With this new Conjur release, Conjur 12.1 goes in EOL, and CyberArk also dropped the support for (aka not tested anymore) OpenShift 4.8,4.9 and Kubernetes 1.22 and 1.23.
Our advice to every Conjur customer is to plan and perform the update!
There are no breaking changes with previous releases, and the bug fixes with some interesting new features make the 13.0 an interesting release!
SIGHUP is an official Cyberark partner with years of hands-on experience in enterprise-grade and mission-critical environments, leading us to become an international Conjur and DevSecOps Centre of Excellence.
To help worldwide Cyberark Conjur customers to improve their adoption journey we developed a shoulder-to-shoulder advisory approach focused on implementing DevSecOps best practices and tools to obtain a better understanding of potential threats, gain deeper control over Conjur clusters, and master all the product features you'll need to succeed in your implementation.
From SIGHUP's daily experience, we developed a solution to give customers overall visibility on Conjur's Cluster status. During the last KubeconEU 2023, we announced the enhanced Observability and Monitoring module for CyberArk Conjur by SIGHUP.
Thanks to this tool, based on Prometheus with Grafana’s dashboards, Conjur customers will obtain a deeper view of the current Conjur Cluster status thanks to a dedicated dashboard, metrics analyzer, and an enhanced monitoring system.
Would you like to discover more about the Observability and Monitoring module for CyberArk Conjur by SIGHUP?
Check out our dedicated page and book a spot with our experts.