New Secrets Management Capabilities: CyberArk Secrets Hub, CyberArk Conjur Cloud, CyberArk Conjur Enterprise, CyberArk Credential Providers

August 1, 2024 Chris Smith

Product Release – Secrets Management

New Secrets Management Capabilities: CyberArk Secrets Hub, CyberArk Conjur Cloud, CyberArk Conjur Enterprise, CyberArk Credential Providers and Partner Integrations – June 2024 Update

We’re excited about several new Secrets Management capabilities that we announced at IMPACT 24 in Nashville and around the globe on the IMPACT World Tour. These include CyberArk Conjur Cloud support for Self-hosted PAM, CyberArk Secrets Hub support for Google Cloud and dramatic performance improvements for the Credential Providers with Release 14. 

AWS also demonstrated their new ”Managed By CyberArk“ capability in the AWS Secrets Manger UI. 
As always, the latest information and details are in the respective What’s New sections of the appropriate product documentation.

CyberArk Secrets Hub

CyberArk Secrets Hub Now Supports Google Secret Manager

Secrets Hub now supports Google Cloud, enabling customers to create GCP Secret Manager secret stores and sync secrets from CyberArk PAM. With this release secrets can now be centrally managed by CyberArk in any of the three leading cloud secrets stores – AWS Secrets Manager, Azure Key Vault and Google Secret Manger. 

For more information refer to the Secrets Hub What’s New

Note, new capabilities are frequently added to CyberArk Secrets Hub, please check the Secrets Hub What’s New for the latest updates.

AWS Secrets Manager Identifies When Secrets Are “Managed By” CyberArk

AWS provides new capabilities in the AWS Secrets Manager (ASM) UI and API to indicate which secrets are centrally “managed by CyberArk”. So now developers and other ASM users can easily identify which secrets are being managed centrally in the CyberArk vault and which secrets need to be managed and rotated locally in ASM. For more information, refer to the AWS product documentation.

CyberArk Conjur Cloud

Conjur Cloud Now Integrates with PAM Self-Hosted

Conjur Cloud now integrates with CyberArk PAM Self-Hosted, supporting the ability to sync secrets from PAM Self-Hosted using the CyberArk Vault Synchronizer v13.3.

The integration also supports:

  • Dual Accounts: Ensures an application or workload can always use a valid credential to access a resource, even when the credential is being rotated. The approach prevents a delayed response or application failure caused by a password mismatch during rotation. Use of dual accounts is recommended for high-load and critical workloads.
  • Deletion of accounts and Safes: When an account or Safe is deleted from PAM Self-Hosted, Conjur Cloud’s Cleanup feature deletes the associated accounts and Safes In Conjur Cloud.

For details, see Set up the accounts in Privilege Cloud/PAM – Self-Hosted to work with Conjur Cloud.

Create and Manage AWS Dynamic Secrets from Conjur Cloud UI and APIs

Conjur Cloud admins and users can now create and manage AWS dynamic secrets from the Conjur Cloud UI, or by sending API requests. For details, see the Manage dynamic secret resources documentation.

Updates to the Conjur Cloud CLI v1.1.1

Highlights of this update include:

  • Security enhancements.
  • Fix for KI#00022191.
  • Update to issuer delete: By default, when you delete an issuer using the Conjur Cloud CLI, the secrets associated with the issuer are also deleted. If you want to keep the secrets, you can now include the keep-secrets flag in the command. For details, see issuer delete.

CyberArk Credential Providers

Improved Performance with CP v14.0 Release

The CyberArk Credential Providers (CP) version 14.0 enables significant performance improvements which include ability to support more than three times (3x) the number of CPs per vault, more than doubling the number of transactions per second each CP can handle, while using a fraction of the prior CPU consumption. For more details about this release, see the Credential Providers v14.0 release notes.

CyberArk Conjur Integrations

Recent integrations with CyberArk Conjur Cloud and CyberArk Conjur Enterprise include:

Simplified Jenkins JWT Integration

The new Jenkins Conjur Secrets plugin release (version 2.0.0) simplifies the JWT configuration process and improves the plugin's security. Note: when you upgrade to release 2.0.0 from a previous version, you may need to reconfigure your environment because some field values have new restrictions. For more information, see Jenkins integration.

Previous Article
Financial Highwire: The Critical Role of Identity Security in Finance
Financial Highwire: The Critical Role of Identity Security in Finance

In the highwire act of the financial services sector, identity security serves as the essential safety net,...

Next Article
Transcript: Embracing a Unified Identity-Centered Zero Trust Approach
Transcript: Embracing a Unified Identity-Centered Zero Trust Approach

Video Interview Transcript with Amit Chhikara, principal in Deloitte Advisory's cyber risk and privileged a...