What's New: Enhancements and Software Version Updates¶

Come here to learn about our latest feature enhancements and software version releases.

Approver Policy 0.14.0 released¶

23 April 2024

Approver Policy now accepts all external issuers by default. Learn more

Approver Policy Enterprise 0.16.0 released¶

26 April 2024

Approver Policy Enterprise now accepts all external issuers by default. When using TLS Protect Datacenter, you can remove the revoke privilege from your API Integration with Approver Policy Enterprise. This release also updates the Venafi Connection version to 0.0.20 and the Approver Policy version to 0.13.1. Learn more

Approver Policy 0.14.0 released¶

23 April 2024

Approver Policy now accepts all external issuers by default. Learn more

Firefly 1.3.4 released¶

16 April 2024

For special cases like Envoy where requests from REST clients are "proxied" to Firefly, certificates can now be requested using REST over Unix Domain Sockets (UDS) to avoid the overhead of networking, TLS, and authentication. Learn more

Venafi CLI tool 1.8.0 released¶

5 April 2024

This release includes new service account authentication and custom integration features, and support for global tolerations, global affinities, and global topology spread constraints. Also included is support for default values for HA deployments for a range of Venafi Kubernetes components, as well as component default version updates. Learn more

Introducing the vsatctl diag command¶¶

04 April 2024

Introducing the capability to conduct diagnostics on your VSatellites. This tool offers a command-line diagnostic interface specifically designed to troubleshoot your VSatellites. Learn more

Tagging enhancements¶

02 April 2024

This release introduces a new tag management page that displays all tags currently in use within your system. On this page, administrators can add or remove tags, as well as view the number of active certificates associated with each tag.

Venafi Enhanced Issuer 0.13.3 released¶

28 March 2024

This release updates the version of Venafi Connection to 0.0.20, and corrects a Helm chart issue that incorrectly prevented the use of certain affinity and topologySpreadConstraints values. Learn more

Venafi Kubernetes Agent 0.1.47 released¶

28 March 2024

This release adds the namespace to the configmap, deployment, and serviceaccount Helm templates, as well as some mitigations for a memory spike issue on start-up. Learn more

CSI Driver 0.8.0 released¶

28 March 2024

This releases includes: Helm chart improvements to make it easier to install and manage CSI Driver; the ability to pass volumeAttributes along to the CertificateRequest resource which CSI Driver creates; and an updated CSI Driver DaemonSet which now includes the default-container annotation so that kubectl logs show entries for the CSI Driver container by default. Learn more

Trust Manager 0.9.2 released¶

26 March 2024

This releases fixes a minor issue with the Helm chart schema, and includes an upgrade of google.golang.org/protobuf to v1.33.0. Learn more

Approver Policy Enterprise 0.15.0 released¶

26 March 2024

This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart, as well as a new priorityClassName Helm chart value. This release also includes an upgrade of google.golang.org/protobuf to v1.33.0. Learn more.

Approver Policy 0.13.1 released¶

26 March 2024

This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart, as well as a new priorityClassName Helm chart value. This release also includes an upgrade of google.golang.org/protobuf to v1.33.0. Learn more

Venafi Enhanced Issuer 0.13.2 released¶

26 March 2024

This release adds new configuration values to allow you to configure HTTP proxies from the Helm chart. Learn more

Venafi Connection 0.0.20 released¶

26 March 2024

This release includes updates to some key dependencies, and confirms cross-namespace referencing as a product feature (formerly experimental). Learn More

CyberArk Privilege Cloud connector now available in TLS Protect Cloud¶

25 March 2024

The TLS Protect Cloud integration with CyberArk Privilege Cloud allows TLS Protect Cloud to access credentials stored in a CyberArk Privilege Cloud vault when performing functions like provisioning certificates to machines. This allows you to use TLS Protect Cloud to manage the certificate lifecycle on your machines while continuing to use CyberArk Privilege Cloud to manage privileged credentials. Learn more

Discover Now: On-Demand Enhanced Discovery¶

21 March 2024

Take the new Discover Now feature on a test drive! Discover Now is a significant enhancement for PKI administrators, giving you an immediate, on-demand certificate discovery. You no longer need to rely on scheduled certificate discoveries when you need to run an Enhanced Discovery immediately. With a simple click, initiate a discovery for up-to-the-minute results for the specified target machines. Learn more

Firefly 1.3.3 released¶

20 March 2024

Option for Firefly to derive its instance name from environment variables. Learn more

Venafi Kubernetes Agent 0.1.46 released¶

15 March 2024

This release includes a new PodDisruptionBudget Helm chart value, and the addition of labels for Venafi Enhanced Issuer clusterrole and clusterrolebinding. Learn more

Venafi CLI tool 1.7.0 released¶

14 March 2024

This release includes support for custom OCI registries when connecting a cluster, new apply/delete commands for quick installs of Kubernetes components, new manifest tool template and diff commands, small bug fixes, and component default version updates. Learn more

Trust Manager 0.9.1 released¶

13 March 2024

This release includes a helm chart schema fix for the replicaCount field to assist further chart templating, as well as updates to support the s390x architecture. Learn more

Venafi Enhanced Issuer 0.13.1 released¶

12 March 2024

This patch release further improves Venafi Enhanced Issuer's security by updating the version of Go used by the product to v1.21.8. Learn more

Venafi Enhanced Issuer 0.13.0 released¶

11 March 2024

You can now annotate the certificate resources in Kubernetes with your team’s mailing list email so that TLS Protect Datacenter warns you when the certificate fails to be renewed or is about to expire. Learn more

TLS Protect Datacenter integration with Venafi Control Plane¶

7 March 2024

This integration allows you to effortlessly connect your TLS Protect Datacenter instance with Venafi Control Plane, and to view all cluster certificates directly within their TLS Protect Datacenter instance. Learn more

Enterprise cert-manager 1.14.4 released¶

7 March 2024

This release includes support for creating X.509 certificates with Other Name fields, well as support for creating CA certificates with Name Constraints and Authority Information Accessors extensions. Learn more

Trust Manager 0.9.0 released¶

7 March 2024

This release adds support for the s390x architecture for Trust Manager. A new crds.keep option was added to reduce the risk of losing important data when uninstalling Trust Manager. This release also fixes an issue which broke passwordless PKCS#12 files when read by Java, as well as an issue with certificate deduplication when certs were present in multiple sources. Learn more

Approver Policy Enterprise 0.14.0 released¶

7 March 2024

This release incorporates changes made in Approver Policy 0.13.0, including changes to Helm chart values to prevent accidental deletion of CRDs, and a new PodDisruptionBudget Helm chart value. Platform engineers can also now set Topology Spread Constraints using Helm chart values. Learn more.

Approver Policy 0.13.0 released¶

6 March 2024

This release sees changes to Helm chart values to prevent accidental deletion of CRDs, as well as a new PodDisruptionBudget Helm chart value. Platform engineers can also now set Topology Spread Constraints using a Helm chart values. Learn more

Workflow approvals: Continue processing options after an exception¶

27 Feb 2024

When creating or editing a certificate approval workflow, you can now control what happens after a rule with an exception matches a certificate request. You can choose to either continue evaluating other approval rules, or you can choose to stop evaluating other approval rules. Learn more

Oracle Linux version 8 for Common Keystore machines¶

27 February 2024

Oracle Linux version 8 (or later) is now a supported operating system for Common Keystore machines. Learn more

Certificate auto-renewal for Google certificate manager¶

27 February 2024

Certificates provisioned to Google certificate manager will be automatically renewed and provisioned when assigned to an application with auto-renewal enabled. Learn more

Integrate connector into tenant environment¶

27 February 2024

With a tenant-specific connector, tenants can develop exclusive connectors that are inaccessible to others. This allows you to confidently test your connectors in a production environment before releasing them to customers. Learn more

Firefly 1.3.2 released¶

26 February 2024

Security fixes and introduced standard OCI annotations (labels) to the Firefly container image.

Venafi CLI tool 1.6.0 released¶

23 February 2024

This release includes service account creation for Firefly, default version updates for Venafi Kubernetes component installs, FIPS support for CSI Driver installs, as well as adding positional arguments for some commands, and improvements to logging and error messages. Learn more

Enterprise cert-manager 1.14.3 released¶

23 February 2024

Release 1.14.3 of Enterprise cert-manager fixes issues with JSON logging and the BER parser. Learn more

Venafi Connection 0.0.19 released¶

22 February 2024

You can now use the short name vc when interacting with Venafi Connection with kubectl. Learn more

NextGen Certificate Inventory Preview¶

16 February 2024

Venafi is working on an all-new certificate inventory to make finding and working with certificates faster and easier. This preview shows you how the new certificate inventory will work, but it doesn't yet allow you to take actions on certificates. The classic inventory will be retired once there is feature parity between the inventories. Learn more

Kubernetes Discovery¶

16 February 2024

Venafi Control Plane's Kubernetes Discovery feature is now generally available. Organizations can now integrate their Kubernetes environments with Venafi Control Plane, providing visibility into their cloud-native environments, and helping Security teams achieve consolidated management and operations across both their traditional and cloud-native environments.

Security and Platform teams can easily assess the overall health status of machine identities across their cloud-native environments, and zoom in to understand the specific usage and location of their machine identities. Learn more

Venafi Kubernetes Agent updates¶

9 February 2024

You can now add cluster name and description information to the Venafi Kubernetes Agent helm chart so that you can connect a cluster to Venafi Control Plane without using the UI or the Venafi CLI tool. Learn more

cert-manager CSI driver for SPIFFE 0.5.0 released¶

9 February 2024

The v0.5.0 release of CSI Driver for SPIFFE is the first that is based on cert-manager's Makefile modules system. This release also contains dependency updates, as well as updates to Chart.yaml properties to add artifacthub.io annotations. Learn more

Venafi CLI tool 1.5.0 released¶

9 February 2024

The Venafi CLI tool has been enhanced to allow you to create service accounts in Venafi Control Plane specifically for Venafi Kubernetes Agents.

This release also includes a new venctl iam service-accounts list command that allows lists all the service accounts in the Venafi Control Plane, as well as updates to the way that the Venafi Manifest tool deploys cert-manager. Learn more

cert-manager CSI driver 0.7.1 released¶

8 February 2024

Release 0.7.1 of cert-manager CSI driver updates the Chart.yaml properties and makes minor updates to the README file. Learn more

Enterprise cert-manager 1.14.2 released¶

8 February 2024

Release 1.14.2 of Enterprise cert-manager fixes issues with cert-manager CA and SelfSigned issuers, as well as Helm logic in the product. Learn more

Firefly 1.3.1 released¶

7 February 2024

Helm charts for deploying Firefly have been enhanced to support configuring gRPC, GraphQL, and REST API servers. Learn more

Inject additional DNS SANs¶

7 February 2024

When you are creating a certificate, and you are using the option to generate the CSR and private key yourself, you can now add additional DNS SANs entries to the request using TLS Protect Cloud. These SANs entries will be appended to the existing SANs entries in the uploaded CSR. Learn more

Additional Linux support for VSatellite¶

5 February 2024

Oracle Linux 8.x and 9.x, and Rocky Linux 8.x and 9.x are now supported operating systems for VSatellite. This new support gives you more options and flexibility when getting VSatellite up and running in your environment. Learn more

Enterprise cert-manager 1.14.1 released¶

2 February 2024

Enterprise cert-manager 1.14.1 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with Other Name fields, and support for creating CA certificates with Name Constraints and Authority Information Accessors extensions. Learn more

JKS Append option for Common Keystore machine¶

30 January 2024

The new Java KeyStores (JKS) append option offers the flexibility to overwrite or append certificates within your JKS Keystore according to your preferences. This functionality enables TLS Protect Cloud to provide multiple certificates to a single JKS store. Learn more

Venafi CLI tool 1.4.0 released¶

25 January 2024

Release 1.4.0 of the Venafi CLI tool adds support for FIPS-compliant versions of Docker images for all Venafi components for Kubernetes. A --use-fips-images flag has been added to the venctl components kubernetes manifest generate command to install the desired component using the FIPS-compliant version of the component Docker image. Learn more

Importing certificates from custom CAs via EJBCA¶

19 January 2024

You can now create custom CA connections via EJBCA, and import certificates from the certificate authority either on demand, or on a pre-configured schedule. Learn more

Bulk approval of certificate approvals¶

18 January 2024

When you have a lot of certificates that require approval, it can be time consuming to respond to each of them individually. {{ vc }} now allows you to multi-select approval requests so you can approve multiple certificates at once. Learn more

Venafi CLI tool 1.3.2 released¶

15 January 2024

Release 1.3.2 of the Venafi CLI tool adds a new venctl iam service-accounts show command for listing all service accounts in the Venafi Control Plane. Learn more

This release also includes changes that improve logging, as well as fixes for some minor bugs.

Certificate auto-renewal for cloud keystores¶

9 January 2024

Certificates provisioned to AWS Certificate Manager and Azure Key Vault will be automatically renewed and provisioned when they are assigned to an application that has auto-renewal enabled. Learn more about auto-renewal.