We are pleased to announce the official release of CipherTrust Manager (CM) Version 2.14.0, CipherTrust Cloud Key Management (CCKM) Version 2.14.0 and CipherTrust Secrets Management (CSM) Version 2.14.0.
New Features and Enhancements
Below are highlights from this release. See the full Release Notes here.
CipherTrust Manager (CM) v2.14.0
Filtering options are expanded with two primary features based on IP Allowed Lists.
- Cluster Port – IP Allowed List helps avoid false positives from security scanners scanning the cluster port.
- Enriched Policy Engine – IP Allowed List identifies which systems can connect by defining system policies that allow or deny authentication based on the client’s IP address.
For more detail on Cluster Port, check Thales Docs.
For more detail on Enriched Policy Engine, check Thales Docs.
CipherTrust Manager Cloud Key Management (CCKM) v2.14.0
Oracle, Azure and Google integrations have expanded capabilities.
- Oracle Cloud Infrastructure External Key Management Service (OCI EKMS), Oracle’s new HYOK service, offers GA support with CipherTrust Manager as a key source. Luna Network HSM will be supported as a key source in 2024. We are proud to announce that Thales CCKM is the first partner to support the new OCI EKM service.
- Automatic Cloud Key Discovery (CCKM discovery feature) is a new, innovative, and competitive feature that allows customers to automatically discover and add Azure Key Vaults and Google Key Rings to CCKM. Automatic Cloud Key Discovery is especially valuable in providing customers a clear view of the number of Azure Key Vaults & Subscriptions, and Google Key Rings & Projects that are in use and helps determine how many licenses are required.
- The automated ‘discover’ and ‘add’ capabilities of the CCKM discovery feature help solve two problems for customers:
  - Discover: Across a large organization, it is difficult to have complete visibility into Azure Key Vaults and Google Key Rings created by all departments.
  - Add: For large customers managing hundreds of projects and thousands of keys, it is unmanageable to manually add all the needed key rings.
- The new KMS Container schedule, implemented to support the CCKM discovery feature, automatically detects the KMS containers (Azure Key Vaults & Google Key Rings) based on the Azure or Google Cloud Connection and adds the corresponding KMS containers to CCKM.
- Customized Access Control Lists (ACLs) can also be configured and automatically applied to the KMS Container schedules – increasing automation and eliminating the need for manual configuration.
For a description of the additional features in this release, please see Release Notes, Oracle Blog and Thales PR announcement.
For more detail on OCI EKMS, check Thales Docs.
For more detail on Automatic Cloud Key Discovery – Azure, check Thales Docs.
For more detail on Automatic Cloud Key Discovery – GCP, check Thales Docs.
Quick Links
CipherTrust Cloud Key Management PB – Sept ‘23
CM Product Brief – Sept ‘23
CDSP Product Brief – June ‘23
CDSP Datasheet – Oct ‘23
CipherTrust Secrets Management (CSM) v2.14.0
Provides simple migration from HashiCorp Vault by extending platform plugins.
- HashiCorp Vault Proxy feature provides a simple migration from HashiCorp Vault through API compatibility with HashiCorp Vault OSS, enabling the use of Vault OSS community plugins for both Static & Dynamic Secrets. The benefits are:
  - Extending the variety of platform plugins
  - Side-by-side scenarios with password repositories
  - Easing migrations from existing solutions
Manage secrets stored on other secret management services.
- External Secrets Management: While CipherTrust Secrets Management powered by Akeyless is built to internally store, manage, and protect your secrets, it can also be used to manage secrets stored on other secret management services like AWS, GCP, Azure, or Kubernetes (K8s). This can be done by creating an External Secrets Manager that utilizes Targets to create local “windows” into the related services, effectively letting you manage them indirectly.
- After connecting to your External Secrets source, you will be able to manage its secrets from the solution, including viewing, adding, updating, and deleting secrets.
- HashiCorp Vault Proxy: https://thalesdocs.com/ctp/cm/2.14/admin/secrets-management-akeyless/config-hvp-csm/index.html
- External Secrets Management: We don’t have anything related to this in the thalesdocs. Maybe we can refer to the Akeyless document, https://docs.akeyless.io/docs/external-kms.
For more detail on HashiCorp Vault Proxy, check Thales Docs.
For more detail on External Secrets Management, check Thales Docs.
Quick Links
“How to Choose a Secrets Management Solution” White Paper – Dec ‘23
CSM Solution Brief – April ‘23
CM Product Brief – Sept ‘23