Certificates – Devstyler.io
https://devstyler.io
News for developers from tech to lifestyle

HashiCorp Vault Improves Multi-Namespace Workflows
https://devstyler.io/blog/2023/03/08/hashicorp-vault-improves-multi-namespace-workflows/
Wed, 08 Mar 2023 09:07:50 +0000

HashiCorp has released version 1.13 of Vault, its secrets and identity management platform. This release includes multi-namespace access workflows, enhancements to the Google Cloud secrets engine, usability improvements to MFA, and certificate revocation for cross-cluster management. HashiCorp has also released Vault as a managed service for Microsoft Azure environments.

Vault 1.13 focuses on core Vault secrets workflows, as well as team workflows, integrations, and visibility. Key features in this release include enhancements to:

  • multi-namespace access workflows
  • Azure authentication method
  • Google Cloud secrets engine
  • KMIP secrets engine
  • MFA login
  • Vault Agent
  • certificate revocation for inter-cluster management

Additional new features include:

  • Event-based notifications (alpha)
  • Vault Operator (beta)
  • HCP connection for self-managed Vault (private beta)
  • PKI health checks
  • Managed transit keys

When clients have secrets distributed across multiple (independent) namespaces, their applications need to authenticate to Vault multiple times, creating an unnecessary burden. Additionally, clients using Vault Agent must run a separate Vault Agent instance to communicate with each namespace. Vault 1.13 includes namespace enhancements that alleviate these challenges by enabling a single Agent instance to retrieve secrets from multiple namespaces.

MFA login improvements
Since version 1.10, Vault has included Login MFA, a standardized configuration for integration with Duo, PingIdentity, Okta, and TOTP, but some customers have run into UI challenges with these configurations. With the enhancements introduced in 1.13, customers will be able to migrate to Login MFA more easily, and Login MFA will be easier to configure and debug.

Vault Operator (Beta)
Users of Kubernetes applications that rely on Vault to manage secrets want the ability to use a sidecar or the CSI secrets store provider to inject secrets into files. This created a number of challenges.

First, these approaches required applications to be modified if they wanted to be able to read from a file. Additionally, the applications needed to be aware of when the certificates were modified in order to be able to read from the file again.

Vault Agent enhancements
Vault 1.13 includes several enhancements to Vault Agent.

Users can get started with Vault Agent without the need to set up authentication methods. This feature is intended for training and testing. It is not recommended for use in production environments.

Vault Agent can now read configurations from multiple files.
Vault Agent logs when there is a mismatch between the agent and the server.

HCP connection for self-managed Vault (private beta)
In Vault 1.13 and the HashiCorp Cloud Platform (HCP), we have introduced a feature to enable active connections between self-managed Vault and HCP clusters. The feature is similar to Consul’s global dashboard.

More details on these and other changes included in this release can be found in the release post. An upgrade guide is available to assist with the upgrade process for existing clusters. Vault can be found either as open source or in an enterprise release.

Is Russia Guilty For The Ukraine Cyber Attack?
https://devstyler.io/blog/2022/01/31/is-russia-guilty-for-the-ukraine-cyber-attack/
Mon, 31 Jan 2022 13:37:12 +0000

Russia has been blamed for the cyber attack on dozens of official websites, according to the BBC.

Around 70 government websites were temporarily blocked. A message appeared right before the attack. It said: “prepare for the worst”. However, access to most of the sites was restored within hours.

While Russia had not commented on the situation, Russia and Nato offered support to Ukraine.

The hackers used a combination of technical tools in the attack, Mykhailo Fedorov, Ukraine’s minister of digital transformation, told Bloomberg. Malicious software capable of deleting data from affected domains has also been found.

Ukraine’s SBU security service neutralized 1,200 cyber-attacks or incidents over the past nine months.

When the attack started on Friday, a message was posted on the hacked websites in three languages: Ukrainian, Russian and Polish. It said:

“Ukrainian! All your personal data has been uploaded onto the public internet. This is for your past, your present and your future.”

Diia, a key system for government services that stores personal vaccination data and certificates, was one of the targeted websites.

Happily, no personal data had been leaked, according to initial assessments, and no content had been changed, the SBU said in Kyiv.