Skip to content

CyberArk enterprise components for Kubernetes¶

Kubernetes components include:

Component	Description	Latest version	Release date
Approver Policy	A cert-manager approver that approves or denies certificate requests based on policies defined in the certificate request policy custom resource.	v0.23.2	4 March, 2026
cert-manager	An enterprise distribution of cert-manager. The component adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies obtaining, renewing, and using certificates.	v1.20.0	9 March, 2026
cert-manager CSI driver	A storage plugin you deploy into your Kubernetes cluster to honor volume requests specified on Pods.	v0.13.0	9 March, 2026
cert-manager CSI driver for SPIFFE	A Container Storage Interface (CSI) driver plugin for Kubernetes, designed to work alongside cert-manager to deliver SPIFFE SVIDs (Verifiable Identity Documents), in the form of X.509 certificate key pairs, to mounting Kubernetes Pods.	v0.12.0	9 March, 2026
Connection for CyberArk Certificate Manager	Ensures proper authentication between your Kubernetes clusters and Certificate Manager - SaaS. The component offers flexible authentication mechanisms such as bearer tokens or OIDC.	v0.5.2	10 December, 2025
CyberArk Workload Identity Manager	Formerly known as Firefly, a high-performing, lightweight microservice that quickly issues machine identities with no dependencies, fits in globally distributed application architectures, and provides high-speed/high-volume certificate issuance capacity with enterprise trust and policy enforcement.	v1.10.2	17 December, 2025
Discovery Agent	Formerly known as Venafi Kubernetes Agent, this component gathers data for machine identities and other Kubernetes resources, such as ingresses, from Kubernetes clusters connected to Certificate Manager - SaaS. The agent regularly connects to Certificate Manager - SaaS to transmit the collected data for evaluation. After the evaluation, you can view the current status of certificates, ingresses, and cert-manager components in Certificate Manager - SaaS.	1.8.0	16 December, 2025
Enterprise Approver Policy for CyberArk Certificate Manager	The enterprise version of Approver Policy, which enables you to apply certificate policies by connecting your Kubernetes cluster to Certificate Manager - SaaS.	v0.22.2	4 March, 2026
Enterprise Issuer for CyberArk Certificate Manager	A cert-manager issuer that can be either cluster-wide or per namespace. This component enables your clusters to issue certificates from Certificate Manager - SaaS.	v0.18.0	9 March, 2026
Istio CSR driver	An agent that allows you to secure Istio workload and control plane components using cert-manager.	v0.16.0	9 March, 2026
Manifest tool for CyberArk Certificate Manager	The Manifest tool for CyberArk Certificate Manager feature in the CLI tool for CyberArk Certificate Manager is a powerful command-line utility that streamlines the installation of CyberArk Kubernetes components in clusters. The Manifest tool for CyberArk Certificate Manager is released in concert with, and installed as part of, the CLI tool for CyberArk Certificate Manager tool.	v1.27.0	19 January 2026
OpenShift Routes for cert-manager	Provides route support for cert-manager by automatically provisioning certificates for OpenShift routes from any cert-manager issuer, similar to annotating an Ingress or Gateway resource in Kubernetes.	v0.9.0	9 March, 2026
Trust Manager	A Kubernetes operator that manages TLS trust bundles in Kubernetes and OpenShift clusters.	v0.22.0	9 March, 2026

Next steps¶

If you operate any of the CyberArk Kubernetes components, read the following help pages. They provide essential information for installing, upgrading, backing up, and monitoring the CyberArk enterprise components for Kubernetes.