This year brought a series of updates to CyberArk Secrets Management products, all with the goal of making comprehensive secrets management more accessible and less labor-intensive. The latest enhancements deliver new capabilities in Secrets Manager and Secrets Hub, streamlining certificate creation and simplifying how cloud secrets are onboarded and managed.
Let’s take a look at what’s changed!
What’s new in CyberArk secrets management
Recent changes have made Conjur product names clearer and more descriptive of their capabilities.
- Conjur Cloud Secrets Manager is now CyberArk Secrets Manager, SaaS.
- Conjur Secrets Manager Enterprise is now CyberArk Secrets Manager, Self-Hosted.
While you may still spot the Conjur name around in the UI and documentation as we complete the transition through the end of the year, rest assured that these updates are all about making your experience even more seamless and intuitive.
Automated certificates and AWS secret onboarding
Managing PKI certificates for workloads can be a manual, time-consuming process. We’re making it easier. You can now enable your workloads to create certificates directly from Secrets Manager, SaaS.
This new capability gives you two flexible options. Workloads can provide their own certificate signing requests (CSRs), or you can have Secrets Manager, SaaS generate both the keys and the CSRs based on metadata you provide. This process works with any of our CyberArk Certificate Manager, SaaS, Certificate Authority (CA) integrations, including DigiCert, GlobalSign, Zero Touch PKI, Microsoft ADCS, and others. The result is a more automated, less error-prone way to manage certificate lifecycles for your applications and services.
Cloud secrets, meet security on autopilot: Instantly onboard AWS credentials to CyberArk PAM
Discovering unmanaged secrets in your cloud environments is one thing. Securing them is another. Secrets Hub helps you close the loop by onboarding AWS secrets directly into CyberArk for full lifecycle management.
After Secrets Hub discovers secrets in AWS, you can now send them straight to CyberArk Privilege Cloud or PAM Self-Hosted. Once onboarded, these secrets can be managed and automatically rotated according to your central policies. You can even configure a sync policy to push the updated, rotated secrets back to AWS, ensuring your cloud applications always have the correct credentials without manual intervention.
This bridges the gap between discovery and management, helping you bring scattered cloud secrets under centralized control quickly.
Under-the-hood upgrades: Smarter secrets, smoother automation
Alongside these major updates, we’ve shipped several other enhancements to improve your workflow and security posture.
Secrets Manager, SaaS improvements:
- Authenticator management: A new APIv2 and updated UI make it easier to create and manage authenticators. You can also add members and groups directly from the Authenticators page.
- AD group synchronization: When you add custom roles and AD groups to built-in roles in CyberArk Identity, the structure is now replicated in Secrets Manager, SaaS. This simplifies permission assignments without needing to recreate groups manually.
- Privilege Cloud synchronization: Support for syncing dual accounts from Privilege Cloud ensures passwords remain valid during rotation. Additionally, when accounts are deleted in Privilege Cloud, the corresponding resources in Secrets Manager, SaaS are now removed automatically.
Secrets Hub improvements:
- New certifications: Secrets Hub is now SOC 2 and SOC 3 certified.
- Secret expiration: You can now enforce expiration on all secrets synchronized via Secrets Hub.
- Azure Key Vault authentication: Secrets Hub can now authenticate to Azure Key Vault using a federated identity.
These updates are designed to give you more control, better automation, and a rock-solid security posture across your environments. Stay in the loop with all the latest enhancements by visiting the What’s New for Secrets Manager and the What’s New for Secrets Hub pages.
