What's New
The following changes have been made in KeyControl Version 10.4.1.1.
For a list of changes made in earlier releases, see
Important: Beginning with KeyControl 10.1, you must install the KeyControl Compliance Manager when you install KeyControl. The KeyControl Compliance Manager is used to onboard and license KeyControl Vaults.
What's New in KeyControl Version 10.4.1.1
Release 10.4.1.1 is a cumulative release containing bug fixes and all new features from 10.4.1.
What's New in KeyControl Version 10.4.1
Feature | Description | Where Documented |
---|---|---|
Updated to Oracle Linux | Entrust KeyControl now runs on the Entrust-hardened version of Oracle Linux. | |
Support for OIDC with AD in KeyControl Vault Management appliance. | You can now use OpenID Connect (OIDC) Authentication with Active Directory in the KeyControl Vault Management appliance. | |
Support for OIDC without AD in KeyControl Vault Management appliance. | You can now use OpenID Connect (OIDC) Authentication without configuring Active Directory in the KeyControl Vault Management appliance. | |
Added support for AWS multi-Region keys. | AWS multi-Region keys are AWS KMS keys in different AWS Regions that can be used interchangeably. The KeyControl Vault for Cloud Keys now supports using AWS multi-Region keys in BYOK. | |
Added support for Azure RBAC | The KeyControl Vault for Cloud Keys now supports the Azure role-based access control (Azure RBAC) authorization system as well as the access policy model. | Set Permissions for the BYOK Service by Configuring Each Azure Key Vault |
Secondary Approval support for Secrets | You can now use secondary approval with the KeyControl Vault for Secrets. | About Secondary Approval |
Personal Access Token | In KeyControl Vaults that use OIDC for authentication, you can now use Personal Access Tokens as the password for API and CLI commands. | Personal Access Tokens |
TLS 1.3 and EMS | Added support for TLS 1.3 and Extended Master Secret (EMS). TLS 1.3 is the default for all new KeyControl installations. | Configuring TLS |
Cluster-wide self-signed certificates | You can now set KeyControl to use self-signed certificates for all nodes in a cluster. | Using Self-Signed Certificates for All Nodes in a Cluster |
IMDSv2 support | The KeyControl appliance AMI now supports only Instance Metadata Service (IMDS) version 2 for AWS Cloud. | N/A |