Product Enhancements
What's New: Enhancements and Software Version Updates¶
Come here to learn about our latest feature enhancements and software version releases.
TIP
Looking for all of our newest and coolest product capabilities? Check out What's New.
Announcing Workload Identity Federation for GCP¶
13 December 2024
We’re introducing Workload Identity Federation (WIF) authentication for Google Cloud Platform (GCP). WIF simplifies authentication by replacing private key management with short-lived tokens and automated key rotation, enhancing security and compliance. This eliminates private key management overhead, automates key rotation and publication, and improves security with dynamic, short-lived tokens. Learn more
Venafi Control Plane Operator 1.4.0 released¶
9 December 2024
Release 1.4.0 of Venafi Control Plane Operator updates the installable components to the latest stable version. Learn more
Trust Manager 0.14.0 released¶
2 December 2024
Release v0.14.0 of Trust Manager includes support for set-based requirements when selecting namespaces to target with a Bundle, port naming for podMonitor, and the ability for chart users to set labels and/or annotations in the Secret created by the Certificate resources. This release also contains a number of minor bug fixes and dependency updates. Learn more
Istio CSR Driver 0.13.0 released¶
25 November 2024
Release v0.13.0 of the Istio CSR driver includes fixes that expose ALPN in the TLS handshake, and allow the istiodAdditionalDNSNames
Helm value to support wildcard domains. Learn more
Venafi CLI tool 1.15.4 released¶
25 November 2024
Release v1.15.4 updates the default install versions of cert-manager, Approver Policy, and Venafi Kubernetes Agent. Learn more
Approver Policy 0.17.0 released¶
25 November 2024
This release corrects an issue where Approver Policy did not consider the cert-manager issuer group
and kind
defaults when matching policies against cert-manager CertificateRequest
resources. The release also fixes a bug in the Helm chart, and updates a number of dependencies. Learn more
Venafi Kubernetes Agent 1.4.0 released¶
25 November 2024
Release v1.4.0 includes fixes for issues with the Helm chart, and also disables the HTTP compression feature introduced in v1.2.0. Learn more
Venafi CLI tool 1.15.3 released¶
21 November 2024
Release v1.15.3 updates the default install versions of several Venafi Kubernetes components. Learn more
cert-manager 1.16.2 released¶
20 November 2024
This cert-manager 1.16.2 patch release makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data being parsed. This release also updates the version of Go used. Learn more
cert-manager 1.15.4 released¶
19 November 2024
This patch release of cert-manager 1.15 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data being parsed. This release also includes a Route53 bug fix, and a update to the version of Go used. Learn more
cert-manager 1.12.14 released¶
18 November 2024
This patch release of cert-manager 1.12 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data being parsed. This release also patches CVE-2024-5174, although that issue is low severity and is not expected to be relevant to cert-manager. Learn more
Venafi Kubernetes Agent 1.3.0 released¶
14 November 2024
Release v1.3.0 enables the exclusion of annotations and labels in Venafi Control Plane and introduces JSON as a logging format option. For additional details, refer to the documentation. Learn more
Venafi Kubernetes Agent 1.2.0 released¶
31 October 2024
This release includes updates that allow you to diagnose issues with the Venafi Kubernetes Agent by looking at the Kubernetes events attached to its pod. Venafi Kubernetes Agent 1.2.0 now compresses its requests made to the Venafi Control Plane API, reducing network traffic significantly. Learn more
Venafi CLI tool 1.15.2 released¶
30 October 2024
Release v1.15.2 is a patch release that includes an update to the venctl installation cluster connect
command. This release also updates the default install versions of several Venafi Kubernetes components. Learn more
Approver Policy Enterprise 0.19.0 released¶
30 October 2024
This release updates a number of Venafi Kubernetes component versions and other dependencies. Learn more
Trust Manager 0.13.0 released¶
29 October 2024
This release includes a new optional includeAllKeys
field for Secret
and ConfigMap
sources, improvements to reduce the number of encode/decode operations done during a bundle reconciliation, as well as several small bug fixes and assorted dependency updates. Learn more
Approver Policy 0.16.0 released¶
28 October 2024
This release includes Common Expression Language (CEL) validator improvements, and various dependency updates. Learn more
OpenShift Routes 0.7.1 released¶
24 October 2024
This patch release of OpenShift Routes fixes an issue with the renew-before
annotation that was introduced in v0.7.0. Learn more
Google Cloud Platform (GCP) Discovery now available¶
23 October 2024
Introducing the new Google Cloud Platform (GCP) Discovery feature! Gain enhanced visibility into your cloud-native environments by integrating with Venafi Control Plane. Empower your security teams to monitor and manage certificates, ensuring policy compliance and control across your GCP infrastructure. Learn more
Amazon Web Services (AWS) Discovery now available¶¶
23 October 2024
Introducing the new Amazon Web Services (AWS) Discovery feature! Gain enhanced visibility into your cloud-native environments by integrating with Venafi Control Plane. Empower your security teams to monitor and manage certificates, ensuring policy compliance and control across your GCP infrastructure. Learn more
Venafi CLI tool 1.15.1 released¶
15 October 2024
Release v1.15.1 is a patch release that fixes a minor issue with the output of the venctl version
and venctl update
commands. This release also updates the default install version of cert-manager. Learn more
cert-manager 1.16.1 released¶
9 October 2024
This cert-manager 1.16.1 patch release includes fixes several issues, including where cert-manager's ACME ClusterIssuer looks in the wrong namespace for resources required for the issuance, and updates to several Helm values. Learn more
Venafi Connection 0.2.0 released¶
10 October 2024
Release 0.2.0 adds a retry roundtripper to help when temporary networking or 500 errors occur. A new Go feature allows you to receive the bearer token using GET
so you can make HTTP requests directly to TLS Protect Datacenter and Venafi Control Plane. The release also includes a number of dependency updates. Learn more
Venafi Kubernetes Agent 1.1.0 released¶
7 October 2024
This release introduces the reporting of annotations and labels for namespaces and secrets to the Venafi Control Plane. It also exposes readiness and liveness probes, improves validation of Helm chart values, and updates several configuration flags. This release also includes changes and improvements to the Docker image. Learn more
Venafi CLI tool 1.15.0 released¶
4 October 2024
Release v1.15.0 includes an update to the Venafi Manifest tool to support the VENAFI_KUBERNETES_AGENT_CLUSTER_NAME
environment variable, updates the version of Go used, as well as the default install versions of several Venafi Kubernetes components. This release also includes a fix for a minor Venafi Manifest tool bug. Learn more
cert-manager 1.16.0 released¶
3 October 2024
This cert-manager 1.16.0 release contains a whole range of new features, including extended metrics, Venafi Issuer updates, Route53 DNS01 Solver improvements, memory optimization improvements, as well as new updates to aid Helm schema validation. Learn more
OpenShift Routes 0.7.0 released¶
3 October 2024
OpenShift Routes now creates cert-manager Certificate resources instead of creating cert-manager CertificateRequest resources based on the annotations added to the OpenShift Route resource. This release also supports several new annotations. Learn more
Approver Policy 0.15.2 released¶
25 September 2024
This patch release upgrades Go dependencies and tooling. Learn more
OpenShift Routes 0.6.1 released¶
12 September 2024
Release 0.6.1 of OpenShift Routes is a patch release that includes minor updates to the Helm chart and updates several dependencies to the latest stable versions. Learn more
Venafi Control Plane Operator 1.3.0 released¶
12 September 2024
Release 1.3.0 of Venafi Control Plane Operator supports installing OpenShift Routes and Istio CSR components. In addition, all installable components have been updated to the latest stable version. Learn more
Venafi CLI tool 1.14.1 released¶
11 September 2024
Release v1.14.1 includes installation support for OpenShift Routes for cert-manager, as well as improving manifests for Venafi Kubernetes agents which no longer require a Client ID. All generated manifests now include a better comments, to help you to edit or recreate manifests later. This release also adds support for Istio CSR with extra objects defined at manifest generation time, bug fixes and updates the default install versions of several Venafi Kubernetes components. Learn more
Firefly 1.5.0 released¶
9 September 2024
This release adds the option to include a new Helm option that automatically populates the CA when using the cert-manager controller, and defaults SecurityContextConstraints for Red Hat OpenShift. Learn more
Istio CSR Driver 0.12.0 released¶
4 September 2024
Release v0.12.0 of the Istio CSR driver includes support for Istio Ambient mode, and a range of runtime configuration improvements. Learn more
Venafi Kubernetes Agent 1.0.0 released¶
3 September 2024
This release introduces secretless authentication for Venafi Control Plane connections. It also includes improvements to memory usage and logging. Learn more
Firefly 1.4.3 released¶
29 August 2024
This release adds the option to include Firefly's trust anchor certificate in the status.ca
field of cert-manager CertificateRequest
resources, fixes an issue with the Helm chart for deploying Firefly in Kubernetes, and includes a minor improvement to Firefly's handling of HSM availability issues. Learn more
CSI Driver for SPIFFE 0.8.1 released¶
29 August 2024
This release of the CSI driver for SPIFFE updates the csi-node-registrar-version
Helm value to v2.12.0, as well as upgrading a number of other dependencies. Learn more
CSI Driver 0.10.1 released¶
29 August 2024
This release of the CSI driver updates the csi-node-registrar-version
Helm value to v2.12.0, as well as upgrading a number of other dependencies. Learn more
Approver Policy Enterprise 0.18.1 released¶
20 August 2024
This patch release fixes an issue where the dynamic certificate source used by the webhook TLS server failed to detect a root CA approaching expiration, due to a calculation error. The cert-manager and Approver Policy dependencies were also updated in this release. Learn more
Approver Policy 0.15.1 released¶
16 August 2024
This patch release fixes an issue where the dynamic certificate source used by the webhook TLS server failed to detect a root CA approaching expiration, due to a calculation error. Learn more
cert-manager 1.15.3 released¶
16 August 2024
This patch release fixes an issue where the dynamic certificate source used by the webhook TLS server failed to detect a root CA approaching expiration, due to a calculation error. Learn more
cert-manager 1.12.13 released¶
9 August 2024
This patch release addresses the following vulnerabilities: CVE-2024-6104, CVE-2024-24791, CVE-2024-25620, CVE-2024-26147, and CVE-2024-41110. Learn more
Venafi CLI tool 1.13.0 released¶
6 August 2024
Release v1.13.0 now gives you the ability to install Istio CSR with the Venafi CLI tool. Also added in this release are new Helm custom chart repository CA flags for the venctl components kubernetes manifest generate
and venctl components kubernetes apply
commands to indicate the path to PEM-formatted CA bundles used to validate the Helm repository for component charts. The release also updates the version of Go used, and the default install versions of several Venafi Kubernetes components. Learn more
Venafi Control Plane Operator 1.2.1 released¶
2 August 2024
Release 1.2.1 of Venafi Control Plane Operator is a patch release which fixes an issue that caused the log-spam on OpenShift clusters introduced in v1.2.0. Learn more
Istio CSR Driver 0.11.0 released¶
1 August 2024
Release v0.11.0 of the Istio CSR driver further enhances support for runtime configuration, enabling "pure" runtime configuration where the Istio CSR driver can be installed at the same time as cert-manager. It also enables client certificate authentication, which provides an alternative method for workloads to renew their certificates. This release also adds JSON logging capabilities. Learn more
Venafi Control Plane Operator 1.2.0 released¶
29 July 2024
In the Venafi Control Plane Operator 1.2.0 release, you can provide credentials for authenticating with custom Helm repositories. This is implemented for both OCI registries and HTTPS repositories. Learn more
cert-manager 1.15.2 released¶
30 July 2024
This patch release fixes a number of issues, including a fix for an issue with Azure DNS causing panics on authentication errors, and for ACME HTTP01 challenge behavior when using the Gateway API. The release also includes dependency updates. Learn more
Approver Policy Enterprise 0.18.0 released¶
30 July 2024
This release of Approver Policy Enterprise improves the Venafi plugin to retry more quickly in the event of a temporary failure to connect to Venafi API endpoints. It also includes a new JSON logging feature and various bug fixes and security updates. This release updates the Approver Policy dependency to v0.15.0, and the version of Go used for the build to 1.22.5. Learn more
Approver Policy 0.15.0 released¶
26 July 2024
This release sets new default values for the nodeSelector Helm value, and cert-manager Approver Policy webhook server dynamic_source CA duration and leaf certificate duration. This release also includes support for JSON logging, a fix for an issue with duplicate Prometheus scrape targets, as well as dependency updates. Learn more
Firefly 1.4.2 released¶
22 July 2024
This release greatly improves Firefly's handling of transient availability issues with the HSM protecting its signing key. Issuance of certificates will now automatically resume when access to the HSM is restored. Learn more
CSI Driver 0.10.0 released¶
22 July 2024
This release of the CSI driver adds a Prometheus metrics endpoint, and updates csi-node-driver-registrar
and google.golang.org/grpc
. Learn more
CSI Driver for SPIFFE 0.8.0 released¶
22 July 2024
This release of the CSI driver for SPIFFE updates csi-node-driver-registrar
and cert-manager dependencies. Learn more
Trust Manager 0.12.0 released¶
19 July 2024
This release adds support for generating certificates with Helm, and so Trust Manager can now be installed stand-alone without cert-manager (although this is not recommended for production environments). This release also includes support for dual-stack cluster service configuration and more configurability of Trust Manager's leader-election. Learn more
Venafi CLI tool 1.12.0 released¶
18 July 2024
Release v1.12.0 adds new authentication parameters for protected OCI and non-OCI Helm chart repositories. The release also includes changes to the install location of the livenessprobe
and csi-node-driver-registrar
images, and a fix for an issue where the Venafi Connection dependency for Approver Policy Enterprise was not installed by the Venafi Kubernetes Manifest tool. The release also updates the default install versions of several Venafi Kubernetes components. Learn more
Istio CSR Driver 0.10.0 released¶
18 July 2024
Release v0.10.0 of the Istio CSR Driver includes initial support for easier runtime configuration, support for the s390x architecture, and dependency updates. Learn more
Trust Manager 0.11.1 released¶
15 July 2024
This release addresses an issue where the ConfigMap label selector caused unintended updates to trust bundles within ConfigMaps. This release also updates several dependencies. Learn more
Approver Policy Enterprise 0.17.2 released¶
11 July 2024
This patch release of Approver Policy Enterprise fixes an issue introduced in the last release that led to a Helm template call error. Learn more
Venafi Kubernetes Agent 0.1.49 released¶
11 July 2024
This release introduces support for proxies with private certificates, configurable metrics, a fix for an OpenShift deployment error, and enhanced logging for easier troubleshooting. Learn more
Venafi Control Plane Operator 1.1.1 released¶
4 July 2024
The v1.1.1 release includes fixes for a typo in the vcpRegion
key in the VenafiInstall
specification, and a panic that occurred if using a custom image/helm registry. This release also updates the Venafi Kubernetes component version you can install using Venafi Control Plane Operator. Learn more
CSI Driver for SPIFFE 0.7.0 released¶
2 July 2024
This release updates the CSI driver for SPIFFE Helm chart values to add RBAC for OpenShift SecurityContextConstraints. This release also updates several dependencies to newer versions. Learn more
CSI Driver 0.9.0 released¶
27 June 2024
This release updates the CSI driver Helm chart values to include RBAC for OpenShift Learn more
cert-manager 1.15.1 released¶
26 June 2024
This release patches a vulnerability in the Microsoft Azure SDK and in the go-retryablehttp
dependency. Release 1.15.1 also fixes an issue that caused HashiCorp Vault issuer not to retry signing when an error was encountered. Learn more
cert-manager 1.14.7 and 1.12.12 released¶
21 June 2024
These releases were made to patch a vulnerability in the Microsoft Azure SDK. These releases also fix an issue that caused HashiCorp Vault issuer not to retry signing when an error was encountered. Learn more
Venafi Control Plane Operator 1.1.0 released¶
14 June 2024
This release adds new install parameters for several components, and resolves an install issue with Venafi Firefly, Venafi Kubernetes Agent, and CSI driver for SPIFFE installs. Learn more
Approver Policy Enterprise 0.17.1 released¶
12 June 2024
This patch release of Approver Policy Enterprise fixes an issue with an incorrect cert-manager-approver-policy ServiceAccount name. Learn more
Scheduling functionality for AKV Discovery¶
12 June 2024
Effortlessly run your Azure Key Vault provisioning by enabling the scheduling functionality on your machines. Learn more
Venafi Control Plane Operator 1.0.2 released¶
11 June 2024
This patch release adds a new acceptTOS
field for Firely installs, and updates the version of Go used for the build. Learn more
Venafi CLI tool 1.11.0 released¶
6 June 2024
The release updates the default versions of cert-manager and Trust manager that can be installed using the Venafi Manifest tool. It also updates the version of Go used for the build. Learn more
cert-manager 1.15.0 released¶
5 June 2024
This release of cert-manager contains a whole range of new features, including support for the Gateway API, fetching credentials using AssumeRoleWithWebIdentity
, specifying custom key aliases in a JKS Keystore, and support for numeric OID types in LiteralSubject
. cert-manager 0.15.0 also incorporates a number of bug fixes and dependency version updates. This release also contains some breaking changes. Learn more
Trust Manager 0.11.0 released¶
June 3 2024
This release of Trust Manager includes support for JSON logging, as well as some bug fixes and code quality improvements. Learn more
Trust Manager 0.10.1 released¶
29 May 2024
This patch release of Trust Manager fixes an issue with the Go version used for the build. Learn more
Venafi CLI tool 1.10.0 released¶
23 May 2024
Release 1.10.0 of the Venafi CLI tool includes an update to the Venafi Manifest tool so you can use it to now install the cert-manager CSI driver for SPIFFE. This release also includes minor fixes and some updates to installable component versions. Learn more
Venafi Enhanced Issuer 0.14.0 released¶
17 May 2024
This release updates Venafi Enhanced Issuer to use the latest versions of Approver Policy and Venafi Connection. Learn more
Approver Policy Enterprise 0.17.0 released¶
17 May 2024
This release updates Approver Policy Enterprise to use the latest versions of Approver Policy and Venafi Connection. Learn more
CSI Driver for SPIFFE 0.6.0 released¶
16 May 2024
This release introduces the ability to configure an issuer at runtime, and simplifies install with signerName
no longer a requirement. Release 0.6.0 also simplifies how the csi-driver-spiffe-approver
component works which, together with the new runtime issuer configuration feature, makes issuer rotation simpler, safer and less error prone.
Review the release notes as this release also contains some breaking changes. Learn more
Venafi Connection 0.1.0 released¶
15 May 2024
Release 0.1.0 simplifies authentication for Venafi Enhanced Issuer and other components by leveraging the OpenID Connect (OIDC) standard for Venafi Control Plane access. It also delivers more efficient certificate retrieval operation and improved error messaging. Additionally, this release incorporates API field updates and addresses minor bugs. Learn more
Venafi Kubernetes Agent 0.1.48 released¶
14 May 2024
This release adds three new environment variables for working with HTTP proxies to the available Helm values. Learn more
Introducing the NextGen certificate inventory view¶
13 May 2024
Experience the convenience of effortlessly accessing all your machine installations directly from the NextGen Certificate inventory details view. Learn more
Trust Manager 0.10.0 released¶
13 May 2024
Release 0.10.0 of Trust Manager includes updates to use Makefile modules, dependency updates, and minor bug fixes. Release v0.9.0 also upgrades the Go version used to build to 1.22.3. Learn more
Istio CSR Driver 0.9.0 released¶
13 May 2024
Release 0.9.0 of the Istio CSR Driver updates the Go version and its related dependencies. This release also includes minor bug fixes and adds json-schema validation to the Helm chart. Learn more
CSI Driver 0.8.1 released¶
13 May 2024
This patch release of the CSI Driver updates the Go version and its related dependencies. Learn more
Approver Policy 0.14.1 released¶
13 May 2024
This patch release of the Approver Policy updates the Go version and its related dependencies. Learn more
Azure Key Vault (AKV) Discovery now available¶
13 May 2024
Unlock enhanced visibility into your cloud-native environments with the new Azure Key Vault (AKV) Discovery feature. Seamlessly integrate your AKV environments with Venafi Control Plane to empower Security teams with consolidated management and operations. Learn more
Transitioning from 'Machine Identities' to 'Machine Installations'¶
08 May 2024
To enhance clarity in TLS management, we're updating the terminology used in our platform's interface. We will be transitioning from using the term Machine Identities to Machine Installations. The purpose of the Installations tab remains unchanged; here, you can view the status of your installed certificates.
Venafi CLI tool 1.9.0 released¶
8 May 2024
This release updates several flags for improved consistency and clarity. Review the Release Notes to identify potential breaking changes. Learn more
Approver Policy Enterprise 0.16.0 released¶
26 April 2024
Approver Policy Enterprise now accepts all external issuers by default. When using TLS Protect Datacenter, you can remove the revoke privilege from your API Integration with Approver Policy Enterprise. This release also updates the Venafi Connection version to 0.0.20 and the Approver Policy version to 0.13.1. Learn more
Approver Policy 0.14.0 released¶
23 April 2024
Approver Policy now accepts all external issuers by default. Learn more
cert-manager 1.12.10, 1.13.6, and 1.14.5 released¶
25 April 2024
These are patch releases to fix an issue with the DigitalOcean DNS-01 provider, which could cause incorrect DNS records to be deleted when using a domain with a CNAME. The version of golang.org/x/net
was updated on all three release versions. Learn more
Firefly 1.3.4 released¶
16 April 2024
For special cases like Envoy where requests from REST clients are "proxied" to Firefly, certificates can now be requested using REST over Unix Domain Sockets (UDS) to avoid the overhead of networking, TLS, and authentication. Learn more
Venafi CLI tool 1.8.0 released¶
5 April 2024
This release includes new service account authentication and custom integration features, and support for global tolerations, global affinities, and global topology spread constraints. Also included is support for default values for HA deployments for a range of Venafi Kubernetes components, as well as component default version updates. Learn more
Introducing the vsatctl diag
command¶¶
04 April 2024
Introducing the capability to conduct diagnostics on your VSatellites. This tool offers a command-line diagnostic interface specifically designed to troubleshoot your VSatellites. Learn more
Tagging enhancements¶
02 April 2024
This release introduces a new tag management page that displays all tags currently in use within your system. On this page, administrators can add or remove tags, as well as view the number of active certificates associated with each tag.
Venafi Enhanced Issuer 0.13.3 released¶
28 March 2024
This release updates the version of Venafi Connection to 0.0.20, and corrects a Helm chart issue that incorrectly prevented the use of certain affinity
and topologySpreadConstraints
values. Learn more
Venafi Kubernetes Agent 0.1.47 released¶
28 March 2024
This release adds the namespace to the configmap, deployment, and serviceaccount Helm templates, as well as some mitigations for a memory spike issue on start-up. Learn more
CSI Driver 0.8.0 released¶
28 March 2024
This releases includes: Helm chart improvements to make it easier to install and manage CSI Driver; the ability to pass volumeAttributes
along to the CertificateRequest
resource which CSI Driver creates; and an updated CSI Driver DaemonSet
which now includes the default-container
annotation so that kubectl logs
show entries for the CSI Driver container by default. Learn more
Trust Manager 0.9.2 released¶
26 March 2024
This releases fixes a minor issue with the Helm chart schema, and includes an upgrade of google.golang.org/protobuf
to v1.33.0. Learn more
Approver Policy Enterprise 0.15.0 released¶
26 March 2024
This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart, as well as a new priorityClassName
Helm chart value. This release also includes an upgrade of google.golang.org/protobuf
to v1.33.0. Learn more.
Approver Policy 0.13.1 released¶
26 March 2024
This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart, as well as a new priorityClassName
Helm chart value. This release also includes an upgrade of google.golang.org/protobuf
to v1.33.0. Learn more
Venafi Enhanced Issuer 0.13.2 released¶
26 March 2024
This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart. Learn more
Venafi Connection 0.0.20 released¶
26 March 2024
This release includes updates to some key dependencies, and confirms cross-namespace referencing as a product feature (formerly experimental). Learn More
CyberArk Privilege Cloud connector now available in TLS Protect Cloud¶
25 March 2024
The TLS Protect Cloud integration with CyberArk Privilege Cloud allows TLS Protect Cloud to access credentials stored in a CyberArk Privilege Cloud vault when performing functions like provisioning certificates to machines. This allows you to use TLS Protect Cloud to manage the certificate lifecycle on your machines while continuing to use CyberArk Privilege Cloud to manage privileged credentials. Learn more
Discover Now: On-Demand Enhanced Discovery¶
21 March 2024
Take the new Discover Now feature on a test drive! Discover Now is a significant enhancement for PKI administrators, giving you an immediate, on-demand certificate discovery. You no longer need to rely on scheduled certificate discoveries when you need to run an Enhanced Discovery immediately. With a simple click, initiate a discovery for up-to-the-minute results for the specified target machines. Learn more
Firefly 1.3.3 released¶
20 March 2024
Option for Firefly to derive its instance name from environment variables. Learn more
Venafi Kubernetes Agent 0.1.46 released¶
15 March 2024
This release includes a new PodDisruptionBudget
Helm chart value, and the addition of labels for Venafi Enhanced Issuer clusterrole and clusterrolebinding. Learn more
Venafi CLI tool 1.7.0 released¶
14 March 2024
This release includes support for custom OCI registries when connecting a cluster, new apply/delete commands for quick installs of Kubernetes components, new manifest tool template and diff commands, small bug fixes, and component default version updates. Learn more
Trust Manager 0.9.1 released¶
13 March 2024
This release includes a helm chart schema fix for the replicaCount
field to assist further chart templating, as well as updates to support the s390x architecture. Learn more
Venafi Enhanced Issuer 0.13.1 released¶
12 March 2024
This patch release further improves Venafi Enhanced Issuer's security by updating the version of Go used by the product to v1.21.8. Learn more
Venafi Enhanced Issuer 0.13.0 released¶
11 March 2024
You can now annotate the certificate resources in Kubernetes with your team’s mailing list email so that TLS Protect Datacenter warns you when the certificate fails to be renewed or is about to expire. Learn more
TLS Protect Datacenter integration with Venafi Control Plane¶
7 March 2024
This integration allows you to effortlessly connect your TLS Protect Datacenter instance with Venafi Control Plane, and to view all cluster certificates directly within their TLS Protect Datacenter instance. Learn more
cert-manager 1.14.4 released¶
7 March 2024
This release includes support for creating X.509 certificates with Other Name
fields, well as support for creating CA certificates with Name Constraints
and Authority Information Accessors
extensions. Learn more
Trust Manager 0.9.0 released¶
7 March 2024
This release adds support for the s390x architecture for Trust Manager. A new crds.keep
option was added to reduce the risk of losing important data when uninstalling Trust Manager. This release also fixes an issue which broke passwordless PKCS#12 files when read by Java, as well as an issue with certificate deduplication when certs were present in multiple sources. Learn more
Approver Policy Enterprise 0.14.0 released¶
7 March 2024
This release incorporates changes made in Approver Policy 0.13.0, including changes to Helm chart values to prevent accidental deletion of CRDs, and a new PodDisruptionBudget
Helm chart value. Platform engineers can also now set Topology Spread Constraints using Helm chart values. Learn more.
Approver Policy 0.13.0 released¶
6 March 2024
This release sees changes to Helm chart values to prevent accidental deletion of CRDs, as well as a new PodDisruptionBudget
Helm chart value. Platform engineers can also now set Topology Spread Constraints using a Helm chart values. Learn more
Workflow approvals: Continue processing options after an exception¶
27 Feb 2024
When creating or editing a certificate approval workflow, you can now control what happens after a rule with an exception matches a certificate request. You can choose to either continue evaluating other approval rules, or you can choose to stop evaluating other approval rules. Learn more
Oracle Linux version 8 for Common Keystore machines¶
27 February 2024
Oracle Linux version 8 (or later) is now a supported operating system for Common Keystore machines. Learn more
Certificate auto-renewal for Google certificate manager¶
27 February 2024
Certificates provisioned to Google certificate manager will be automatically renewed and provisioned when assigned to an application with auto-renewal enabled. Learn more
Integrate connector into tenant environment¶
27 February 2024
With a tenant-specific connector, tenants can develop exclusive connectors that are inaccessible to others. This allows you to confidently test your connectors in a production environment before releasing them to customers. Learn more
Firefly 1.3.2 released¶
26 February 2024
Security fixes and introduced standard OCI annotations (labels) to the Firefly container image.
Venafi CLI tool 1.6.0 released¶
23 February 2024
This release includes service account creation for Firefly, default version updates for Venafi Kubernetes component installs, FIPS support for CSI Driver installs, as well as adding positional arguments for some commands, and improvements to logging and error messages. Learn more
cert-manager 1.14.3 released¶
23 February 2024
Release 1.14.3 of cert-manager fixes issues with JSON logging and the BER parser. Learn more
Venafi Connection 0.0.19 released¶
22 February 2024
You can now use the short name vc
when interacting with Venafi Connection with kubectl
. Learn more
NextGen Certificate Inventory Preview¶
16 February 2024
Venafi is working on an all-new certificate inventory to make finding and working with certificates faster and easier. This preview shows you how the new certificate inventory will work, but it doesn't yet allow you to take actions on certificates. The classic inventory will be retired once there is feature parity between the inventories. Learn more
Kubernetes Discovery¶
16 February 2024
Venafi Control Plane's Kubernetes Discovery feature is now generally available. Organizations can now integrate their Kubernetes environments with Venafi Control Plane, providing visibility into their cloud-native environments, and helping Security teams achieve consolidated management and operations across both their traditional and cloud-native environments.
Security and Platform teams can easily assess the overall health status of machine identities across their cloud-native environments, and zoom in to understand the specific usage and location of their machine identities. Learn more
Venafi Kubernetes Agent updates¶
9 February 2024
You can now add cluster name and description information to the Venafi Kubernetes Agent helm chart so that you can connect a cluster to Venafi Control Plane without using the UI or the Venafi CLI tool. Learn more
cert-manager CSI driver for SPIFFE 0.5.0 released¶
9 February 2024
The v0.5.0 release of CSI Driver for SPIFFE is the first that is based on cert-manager's Makefile modules system. This release also contains dependency updates, as well as updates to Chart.yaml
properties to add artifacthub.io annotations. Learn more
Venafi CLI tool 1.5.0 released¶
9 February 2024
The Venafi CLI tool has been enhanced to allow you to create service accounts in Venafi Control Plane specifically for Venafi Kubernetes Agents.
This release also includes a new venctl iam service-accounts list
command that allows lists all the service accounts in the Venafi Control Plane, as well as updates to the way that the Venafi Manifest tool deploys cert-manager. Learn more
cert-manager CSI driver 0.7.1 released¶
8 February 2024
Release 0.7.1 of cert-manager CSI driver updates the Chart.yaml
properties and makes minor updates to the README file. Learn more
cert-manager 1.14.2 released¶
8 February 2024
Release 1.14.2 of cert-manager fixes issues with cert-manager CA and SelfSigned issuers, as well as Helm logic in the product. Learn more
Firefly 1.3.1 released¶
7 February 2024
Helm charts for deploying Firefly have been enhanced to support configuring gRPC, GraphQL, and REST API servers. Learn more
Inject additional DNS SANs¶
7 February 2024
When you are creating a certificate, and you are using the option to generate the CSR and private key yourself, you can now add additional DNS SANs entries to the request using TLS Protect Cloud. These SANs entries will be appended to the existing SANs entries in the uploaded CSR. Learn more
Additional Linux support for VSatellite¶
5 February 2024
Oracle Linux 8.x and 9.x, and Rocky Linux 8.x and 9.x are now supported operating systems for VSatellite. This new support gives you more options and flexibility when getting VSatellite up and running in your environment. Learn more
cert-manager 1.14.1 released¶
2 February 2024
cert-manager 1.14.1 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with Other Name fields, and support for creating CA certificates with Name Constraints and Authority Information Accessors extensions. Learn more
JKS Append option for Common Keystore machine¶
30 January 2024
The new Java KeyStores (JKS) append option offers the flexibility to overwrite or append certificates within your JKS Keystore according to your preferences. This functionality enables TLS Protect Cloud to provide multiple certificates to a single JKS store. Learn more
Venafi CLI tool 1.4.0 released¶
25 January 2024
Release 1.4.0 of the Venafi CLI tool adds support for FIPS-compliant versions of Docker images for all Venafi components for Kubernetes. A --use-fips-images
flag has been added to the venctl components kubernetes manifest generate
command to install the desired component using the FIPS-compliant version of the component Docker image. Learn more
Importing certificates from custom CAs via EJBCA¶
19 January 2024
You can now create custom CA connections via EJBCA, and import certificates from the certificate authority either on demand, or on a pre-configured schedule. Learn more
Bulk approval of certificate approvals¶
18 January 2024
When you have a lot of certificates that require approval, it can be time consuming to respond to each of them individually. {{ vc }} now allows you to multi-select approval requests so you can approve multiple certificates at once. Learn more
Venafi CLI tool 1.3.2 released¶
15 January 2024
Release 1.3.2 of the Venafi CLI tool adds a new venctl iam service-accounts show
command for listing all service accounts in the Venafi Control Plane. Learn more
This release also includes changes that improve logging, as well as fixes for some minor bugs.
Certificate auto-renewal for cloud keystores¶
9 January 2024
Certificates provisioned to AWS Certificate Manager and Azure Key Vault will be automatically renewed and provisioned when they are assigned to an application that has auto-renewal enabled. Learn more about auto-renewal.