Azure conditional access mfa
4/22/2023

HashiCorp has released version 1.13 of Vault, their secrets and identity management platform. This release includes multi-namespace access workflows, improvements to the Google Cloud secrets engine, usability improvements to MFA, and certificate revocation for cross-cluster management. HashiCorp has also released Vault as a managed service for Microsoft Azure environments.

This release introduces namespace improvements that allow for a single Vault Agent to fetch secrets across multiple namespaces. Namespaces provide isolated environments that enable tenant isolation within a single Vault instance. Previously, applications would need to authenticate per namespace with distinct Vault Agents needed per namespace. Sharing secrets across independent namespaces is accomplished using the new group_policy_application_mode flag. Setting this flag to any will allow any authenticated and authorized Vault client to read secrets from the namespace. Setting it to within_namespace_hierarchy will revert back to allowing only Vault clients authenticated and authorized within that namespace.

[Figure: The new multi-namespace access approach (credit: HashiCorp)]

The Google Cloud secrets engine has also received improvements in this release. It is now possible to generate access tokens using Google Cloud's account impersonation feature. This works around Google Cloud's ten-key limit when the same service account is used with ten or more Vault roles. Access tokens can be generated by reading from the gcp/./token API route:

    vault read gcp/roleset/my-token-roleset/token

While it is possible to generate as many of these tokens as needed, they have some limitations as compared to service account keys. They cannot be used with some client libraries and tools. They also have a static lifetime of one hour that cannot be adjusted or revoked. While service account keys are limited to ten per service account, they have a controllable lifetime.

Support for MFA was added in the 1.10 release with configurations for systems such as Duo, PingIdentity, and Okta. Rich Dubose notes that some customers indicated they had "UX challenges with these configurations". This release introduces improvements to the MFA workflow to simplify configuration and debugging.
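Because the access tokens described above live for a fixed hour and cannot be revoked, a client should hold them in memory only and re-read them shortly before expiry. The sketch below is an added example, not HashiCorp's code: the class name, the five-minute refresh margin and the sample response are assumptions, and the response fields follow the JSON output of the Vault CLI for this route.

```python
import json
import subprocess
import time

TOKEN_PATH = "gcp/roleset/my-token-roleset/token"  # route quoted in the text above
REFRESH_MARGIN_S = 300  # assumption: re-read once fewer than 5 minutes remain

# Constructed sample shaped like the "data" part of
# `vault read -format=json <TOKEN_PATH>`; the token value is a placeholder.
SAMPLE_RESPONSE = json.dumps({"data": {
    "token": "ya29.PLACEHOLDER",
    "token_ttl": 3599,
    "expires_at_seconds": 1700003599,
}})


def read_token_from_vault():
    """Run the Vault CLI (needs VAULT_ADDR and a Vault token in the environment)."""
    cmd = ["vault", "read", "-format=json", TOKEN_PATH]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


class GcpTokenCache:
    """Keeps one access token in memory only and re-reads it before it expires."""

    def __init__(self, fetch=read_token_from_vault, margin_s=REFRESH_MARGIN_S,
                 clock=time.time):
        self._fetch, self._margin, self._clock = fetch, margin_s, clock
        self._token, self._expires_at = None, 0

    def seconds_left(self):
        # Also the window in which a leaked copy stays usable: it cannot be revoked.
        return max(0, int(self._expires_at - self._clock()))

    def get(self):
        if self._token is None or self.seconds_left() <= self._margin:
            data = json.loads(self._fetch())["data"]
            expires_at = int(data["expires_at_seconds"])
            if expires_at <= self._clock():
                raise ValueError("Vault returned a token that is already expired")
            self._token, self._expires_at = data["token"], expires_at
        return self._token

    def __repr__(self):
        # Never include the token itself in logs or debug output.
        return f"<GcpTokenCache expires_in={self.seconds_left()}s>"
```

The `fetch` and `clock` parameters exist so the refresh logic can be exercised offline with the constructed sample instead of a live Vault server.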