What's New
The following changes have been made in KeyControl Version 10.4.1.
For a list of changes made in earlier releases, see
What's New in KeyControl Version 10.4.1
Important: Beginning with KeyControl 10.1, you must install the KeyControl Compliance Manager when you install KeyControl. The KeyControl Compliance Manager is used to onboard and license KeyControl Vaults.
|
Feature |
Description |
Where Documented |
|---|---|---|
|
Updated to Oracle Linux |
Entrust KeyControl now runs on the Entrust-hardened version of Oracle Linux. |
|
|
Support for OIDC with AD in KeyControl Vault Management appliance. |
You can now use OpenID Connect (OIDC) Authentication with Active Directory in the KeyControl Vault Management appliance. |
|
|
Support for OIDC without AD in KeyControl Vault Management appliance. |
You can now use OpenID Connect (OIDC) Authentication without configuring Active Directory in the KeyControl Vault Management appliance. |
|
|
Added support for AWS multi-Region keys. |
AWS multi-Region keys are AWS KMS keys in different AWS Regions that can be used interchangeably. The KeyControl Vault for Cloud Keys now supports using AWS multi-region keys in BYOK. |
|
|
Added support for Azure RBAC |
The KeyControl Vault for Cloud Keys now supports the Azure role-based access control (Azure RBAC) as well as the access policy model authorization system. |
Set Permissions for the BYOK Service by Configuring Each Azure Key Vault |
|
Secondary Approval support for Secrets |
You can now use secondary approval with the KeyControl Vault for Secrets. |
About Secondary Approval |
|
Personal Access Token |
You can now use Personal Access tokens in your KeyControl Vaults that are using OIDC for authentication to use as a password for API and CLI commands. |
Personal Access Tokens |
|
TLS 1.3 and EMS |
Added support for TLS 1.3 and Extended Master Secret (TLS). TLS 1.3 is the default for all new KeyControl installations. |
Configuring TLS |
|
Cluster-wide self-signed certificates |
You can now set KeyControl to use self-signed certificates for all nodes in a cluster. |
Using Self-Signed Certificates for All Nodes in a Cluster |
|
IMDSv2 support |
The KeyControl appliance AMI now only supports Instance Metadata Service (IMDS) version 2 for AWS Cloud. |
N/A |
