Skip to content

What's new

We're adding new capabilities on a regular basis!

Check back here often for the latest updates: new products, modules, plugins and feature enhancements.

Workflow approvals: Continue processing options after an exception

27 Feb 2024

When creating or editing a certificate approval workflow, you can now control what happens after a rule with an exception matches a certificate request. You can choose to either continue evaluating other approval rules, or you can choose to stop evaluating other approval rules. Learn more

Oracle Linux version 8 for Common Keystore machines

27 February 2024

Oracle Linux version 8 (or later) is now a supported operating system for Common Keystore machines. Learn more

Certificate auto-renewal for Google certificate manager

27 February 2024

Certificates provisioned to Google certificate manager will be automatically renewed and provisioned when assigned to an application with auto-renewal enabled. Learn more

Integrate connector into tenant environment

27 February 2024

With a tenant-specific connector, tenants can develop exclusive connectors that are inaccessible to others. This allows you to confidently test your connectors in a production environment before releasing them to customers. Learn more

Certificate Provisioning for Google Cloud Provider

26 February 2024

You can now enable TLS Protect Cloud to provision new certificates in Google Cloud Provider (GCP) for use with Google services. Learn more

Firefly 1.3.2 released

26 February 2024

Security fixes and introduced standard OCI annotations (labels) to the Firefly container image.

Venafi CLI tool 1.6.0 released

23 February 2024

This release includes service account creation for Firefly, default version updates for Venafi Kubernetes component installs, FIPS support for CSI Driver installs, as well as adding positional arguments for some commands, and improvements to logging and error messages. Learn more

Enterprise cert-manager 1.14.3 released

23 February 2024

Release 1.14.3 of Enterprise cert-manager fixes issues with JSON logging and the BER parser. Learn more

NextGen Certificate Inventory Preview

16 February 2024

Venafi is working on an all-new certificate inventory to make finding and working with certificates faster and easier. This preview shows you how the new certificate inventory will work, but it doesn't yet allow you to take actions on certificates. The classic inventory will be retired once there is feature parity between the inventories. Learn more

Kubernetes Discovery

16 February 2024

Venafi Control Plane's Kubernetes Discovery feature is now generally available. Organizations can now integrate their Kubernetes environments with Venafi Control Plane, providing visibility into their cloud-native environments, and helping Security teams achieve consolidated management and operations across both their traditional and cloud-native environments.

Security and Platform teams can easily assess the overall health status of machine identities across their cloud-native environments, and zoom in to understand the specific usage and location of their machine identities. Learn more

Venafi Kubernetes Agent updates

9 February 2024

You can now add cluster name and description information to the Venafi Kubernetes Agent helm chart so that you can connect a cluster to Venafi Control Plane without using the UI or the Venafi CLI tool. Learn more

cert-manager CSI driver for SPIFFE 0.5.0 released

9 February 2024

The v0.5.0 release of CSI Driver for SPIFFE is the first that is based on cert-manager's Makefile modules system. This release also contains dependency updates, as well as updates to Chart.yaml properties to add annotations. Learn more

Venafi CLI tool 1.5.0 released

9 February 2024

The Venafi CLI tool has been enhanced to allow you to create service accounts in Venafi Control Plane specifically for Venafi Kubernetes Agents.

This release also includes a new venctl iam service-accounts list command that allows lists all the service accounts in the Venafi Control Plane, as well as updates to the way that the Venafi Manifest tool deploys cert-manager. Learn more

cert-manager CSI driver 0.7.1 released

8 February 2024

Release 0.7.1 of cert-manager CSI driver updates the Chart.yaml properties and makes minor updates to the README file. Learn more

Enterprise cert-manager 1.14.2 released

8 February 2024

Release 1.14.2 of Enterprise cert-manager fixes issues with cert-manager CA and SelfSigned issuers, as well as Helm logic in the product. Learn more

Firefly 1.3.1 released

7 February 2024

Helm charts for deploying Firefly have been enhanced to support configuring gRPC, GraphQL, and REST API servers. Learn more

Inject additional DNS SANs

7 February 2024

When you are creating a certificate, and you are using the option to generate the CSR and private key yourself, you can now add additional DNS SANs entries to the request using TLS Protect Cloud. These SANs entries will be appended to the existing SANs entries in the uploaded CSR. Learn more

Additional Linux support for VSatellite

5 February 2024

Oracle Linux 8.x and 9.x, and Rocky Linux 8.x and 9.x are now supported operating systems for VSatellite. This new support gives you more options and flexibility when getting VSatellite up and running in your environment. Learn more

Enterprise cert-manager 1.14.1 released

2 February 2024

Enterprise cert-manager 1.14.1 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with Other Name fields, and support for creating CA certificates with Name Constraints and Authority Information Accessors extensions. Learn more

JKS Append option for Common Keystore machine

30 January 2024

The new Java KeyStores (JKS) append option offers the flexibility to overwrite or append certificates within your JKS Keystore according to your preferences. This functionality enables TLS Protect Cloud to provide multiple certificates to a single JKS store. Learn more

Venafi CLI tool 1.4.0 released

25 January 2024

Release 1.4.0 of the Venafi CLI tool adds support for FIPS-compliant versions of Docker images for all Venafi components for Kubernetes. A --use-fips-images flag has been added to the venctl components kubernetes manifest generate command to install the desired component using the FIPS-compliant version of the component Docker image. Learn more

Importing certificates from custom CAs via EJBCA

19 January 2024

You can now create custom CA connections via EJBCA, and import certificates from the certificate authority either on demand, or on a pre-configured schedule. Learn more

Bulk approval of certificate approvals

18 January 2024

When you have a lot of certificates that require approval, it can be time consuming to respond to each of them individually. {{ vc }} now allows you to multi-select approval requests so you can approve multiple certificates at once. Learn more

Venafi CLI tool 1.3.2 released

15 January 2024

Release 1.3.2 of the Venafi CLI tool adds a new venctl iam service-accounts show command for listing all service accounts in the Venafi Control Plane. Learn more

This release also includes changes that improve logging, as well as fixes for some minor bugs.

Certificate auto-renewal for cloud keystores

9 January 2024

Certificates provisioned to AWS Certificate Manager and Azure Key Vault will be automatically renewed and provisioned when they are assigned to an application that has auto-renewal enabled. Learn more about auto-renewal.

Certificate expiration notifications

20 December 2023

You now have the ability to configure the certificate monitoring service in the UI, and certificate expiration notifications can now be sent via email. Staying aware of certificate expirations significantly reduces the likelihood of certificate-related outages. Learn more

Certificate expiration reports

19 December 2023

To help you stay on top of certificates nearing expiration and recently expired, you can now configure certificate expiration reports. These are CSV-formatted reports that show expiring and recently expired certificates, based on how you configure the report. TLS Protect Cloud emails the reports to specific recipients at an interval that you define. Learn more

Venafi CLI tool 1.3.0 released

15 December 2023

Release 1.3.0 of the Venafi CLI tool adds a new venctl iam service-accounts delete command for deleting service accounts in the Venafi Control Plane. Learn more

This release addresses an issue in the Venafi Kubernetes manifest for the trust-manager. Previously, the generated manifest pulled the open-source image for the default trust package, now the enterprise trust-manager version is used unless another registry is configured.

Firefly 1.3 released

8 December 2023

For special cases like SPIRE where gRPC clients are co-hosted with Firefly, certificates can now be requested using Unix Domain Sockets (UDS) to avoid the overhead of networking, TLS, and authentication. Learn more

We've added an HTTP server endpoint with GET /chain method to Firefly that allows trust managers to obtain the CA certificates applicable to certificates issued by Firefly. Learn more

The timeout for Firefly interactions with Venafi Control Plane has been increased from 10 to 30 seconds to be more tolerant of cases where network latency is not optimal.

Service accounts access to the Venafi OCI registry

8 December 2023

Organizations that use the Venafi Control Plane, and are entitled to TLS Protect for Kubernetes, can get access to Kubernetes components such as enterprise cert-manager, Venafi Enhanced Issuer, and Approver Policy Enterprise. Your organization can use these components to control the certificate lifecycle management on Kubernetes environments efficiently.

Access to components depends on the organization tier. Learn more

Guidelines and metrics for enterprise components

8 December 2023

Platform teams can now implement best practices for installing, upgrading, and backing up TLS Protect for Kubernetes components based on guidelines from the subject matter experts. Learn more

Additionally, operational metrics of the enterprise components are now exposed, and can be consumed by Prometheus and Grafana, supporting platform teams in ensuring high-quality certificate management services. Learn more

Venafi Kubernetes manifests

6 December 2023

To assist platform teams following best practices in managing Kubernetes components, Venafi has improved the Venafi CLI tool to support TLS Protect for Kubernetes manifests. These manifests enable your organization to properly install interdependent Venafi enterprise components for Kubernetes while following GitOps practices. Learn more

Self-updater for Venafi CLI tool

6 December 2023

Starting from version 1.2.0, the Venafi CLI tool enables you to seamlessly and securely update your instance using the self-update feature. Learn more

Certificate Provisioning for Azure Key Vault

6 December 2023

You can now enable TLS Protect Cloud to provision new certificates in Azure Key Vault (AKV) for use with Azure services. Learn more

Re-provision & replace certificate with Amazon ACM

05 December 2023

Now, you have the capability to re-provision or replace an existing certificate in Amazon ACM. These options allow you to modify an existing machine identity (existing installation). Learn more

Provision with A10 Thunder ADC

29 November 2023

You can now provision a certificate to an existing virtual server on your A10 Thunder ADC connectors or use TLS Protect Cloud to create a new virtual server setting. Learn more

Scheduling functionality for Machine Discovery

20 November 2023

Effortlessly run your machine discoveries by enabling the scheduling functionality on your F5 BIG-IP LTM, Microsoft IIS, and VMWare NSX (AVI) machines. Learn more

Certificate Provisioning for Amazon ACM

8 November 2023

You can now enable TLS Protect Cloud to provision new certificates in AWS Certificate Manager (ACM) for use with AWS services. Learn more

Firefly 1.2.1 released

1 November 2023

You can now use gRPC to request certificates using a public key plus Subject and SAN metadata. Learn more

We've also resolved issues involving default key type from policy being ignored and another involving certificate requests with no CN being rejected when policy specified CN as optional.

Certificate auto-renewal and auto-provisioning

11 October 2023

Venafi Control Plane now includes the ability to automatically renew and provision certificates. Automated certificate renewal eliminates the need for manual updates, significantly reducing the risk of service interruptions due to expired certificates. Learn more

Streamlined certificate approval workflow

28 September 2023

We've updated Venafi Control Plane with a streamlined certificate approval process to enhance security and reduce complexity. New features include conditional rules and configurable notifications. Administrators now have greater control, while requesters can expect faster turnarounds. Learn more

Introducing the vsatctl preflight command

25 September 2023

Experience a smoother VSatellite deployment with the new vsatctl preflight command. This tool swiftly checks your environment and prerequisites, streamlining the installation process and enhancing reliability. Learn more

Discover and provision with VMware NSX ALB (AVI)

21 September 2023

You can now provision certificates and perform machine-based discovery for your VMware NSX ALB (AVI) connectors. VMware NSX ALB (AVI) helps users provision certificates to virtual services and facilitates seamless tracking of certificates already deployed to your machines within your environment. Learn more

Provision with Imperva WAF

21 September 2023

You can now provision a certificate to an existing SSL server on your Imperva WAF connectors or use TLS Protect Cloud to create a new SSL virtual server setting. Learn more

Terminology update in Venafi Control Plane

18 September 2023

Within the Venafi Control Plane interface, we've updated our terminology to be more descriptive. The term "Local login", which previously referred to signing in using a username and Control Plane password, will now be referred to as "email sign-in". This change more accurately reflects its function. As we transition, you might still come across references to "Local login". Learn more

Updated certificate terminology

14 September 2023

To enhance clarity in TLS management, we've introduced a new term: "TLS Server Endpoints." This refers to the network locations where certificates are presented, providing details like IP addresses, ports, and server names. Look for the new TLS Server Endpoints page, which replaced "Certificate Installations." Learn more

Improved sign-in experience

12 September 2023

We've enhanced your sign-in experience with new Company Domain URLs and a revamped UI. No action needed on your end! Your tenant will automatically receive a Company Domain URL based on the creator's email domain. For instance, if the creator's email is "," your new URL will be

Non-interactive installation for VSatellite

6 September 2023

VSatellite now supports a non-interactive installation with the --accept-license-agreement flag, streamlining the automation process. This aligns with the Firefly installation method, ensuring a consistent experience. By using this flag, you're accepting the Venafi End User License Agreement. Learn more

Venafi Control Plane EU service region now available

5 September 2023

Venafi Control Plane, TLS Protect Cloud, and Firefly are now available to our European customers, addressing EU data residency requirements and GDPR compliance. This update furthers Venafi's commitment to meeting global business needs and support our growing customer base in Europe.

Firefly 1.2 released

5 September 2023

A new minor version of the Firefly on-prem component has been released. This includes support for Instance Identity Documents from Azure and Google (in addition to AWS), so Firefly now supports all three major cloud providers. Additionally, the End User License Agreement for Firefly is incorporated into the Venafi standard EULA. Please review the Venafi EULA before upgrading. Learn More.

vCert 5.1 enhances certificate management with Playbook

30 August 2023

The latest VCert release introduces a YAML-configurable VCert Playbook for streamlined certificate management and expands issuing capabilities via Firefly in both SDK and CLI. This enables users to configure certificate requests, renewals, and TLS server endpoints via Playbook. Learn more

Machine discovery (F5 BIG-IP LTM & Microsoft IIS integration)

17 August 2023

With TLS Protect Cloud, machine-based discovery just got simpler. Seamlessly track certificates on your machines. This enhancement helps you quickly identify certificates that have been added or removed and manage them appropriately. Learn more

Firefly 1.1 released

9 August 2023

A new minor version of the Firefly on-prem component has been released. This release features new AWS authentication endpoints using AWS workload identity documents, as well as the addition of a Helm chart, simplifying the installation of Firefly in a Kubernetes cluster. Learn more

CyberArk connector now available in TLS Protect Cloud

20 July 2023

The TLS Protect Cloud integration with CyberArk allows TLS Protect Cloud to access credentials stored in a CyberArk vault when performing functions like provisioning certificates to machines. This allows you to use TLS Protect Cloud to manage the certificate lifecycle on your machines while continuing to use CyberArk to manage privileged credentials. Learn more

Enhanced Dev Central site

30 June 2023

Visit the enhanced Dev Central site, your go-to destination for access to essential resources for Venafi Control Plane, TLS Protect Cloud, and Firefly. With the redesigned homepage, you can easily explore comprehensive guides, API documentation, and recipes for these powerful products. Learn more)

Firefly and TLS Protect Cloud update: added TLS Protect Datacenter as a provider for subordinate CA certificate issuance

23 June 2023

Configure Firefly to use Venafi's TLS Protect Data Center as a CA for issuing intermediate certificates. Learn more

Webhooks: added support for Microsoft Teams

02 June 2023

Forward events and notifications to a Microsoft Teams channel using webhooks and the Connectors API. Learn more

User management: disable (or re-enable) users and their associated API keys

02 June 2023

Offboard specific users by disabling their accounts and associated API keys. Learn more

Tagging: easier creation of key:value pairs for certificates

10 April 2023

Tags allow you to add customized meta information to certificates beyond just the certificate properties. Learn more

Introducing Venafi Firefly: the decentralized certificate issuance solution that is both DevOps-friendly and security-approved

4 April 2023

If your environment requires rapid issuance of a large number of enterprise-trusted certificates to support your applications, Venafi Firefly is the perfect choice. Learn more