Enhancements to existing functions
- Support for curves X25519 and ED25519 (Added new options for encrypting keys)
- Trusted Certificate Authority (CA) authentication will now check for certificate expiry
- Improved workflow when creating new objects
- Rotation history for Security Objects
- Distinguish Groups with External Roles Mapped
Enhancements to existing functions
- X25519 is an elliptic curve Diffie-Hellman key exchange using Curve25519. It allows two parties to jointly agree on a shared secret over an insecure channel.
- ED25519 is an elliptic curve signing algorithm using EdDSA and Curve25519.
This release introduces support for the above algorithms. Users can now select from additional cryptographic algorithms when encrypting security objects. To create a security object encrypted with an elliptic curve (X25519 or ED25519):
- Go to Security Object page.
- Create a Security Object.
- Select Generate, choose EC as the type.
- In the Curve drop-down, choose either X25519 or ED25519.
When creating a new App, users are prompted to choose an Authentication method. One of the methods is Trusted CA. Following this release, when users upload a trusted CA certificate, a validation check is triggered to verify that the certificate has not expired. Previously, there was no validation check for expiry. To access this page:
- Go to Apps page.
- Create a new App.
- Under Authentication method, select Trusted CA.
The Create Group workflow has been improved. Now, users can create objects from the group page. From the Group page, create a new Group. The following screen will be displayed.
Clicking on any of the Add New Object buttons will bring the user to the create object page. Previously, this workflow was linear and wizard-based: the user would be prompted to create group > create app > create plugin and so on. With the wizard eliminated, the user can skip ahead and create any other object after the group is created. The new object will be automatically assigned to this group.
Users will now be able to see the rotation history of a Security Object.
When Security Objects are rotated, a new Security Object is created with the same name. An icon is displayed in the table view to indicate that the object has been rotated. The old pre-rotated Security Object is renamed with the following format: «security object name»-replaced-by-«new rotated object UUID».
For example, SQL_Server_Key3 is the Security Object being rotated.
1. The first rotation renamed the original object to “SQL_Server_Key3-replaced-by-c3bd5285-0268-4b44-a12c-7ec2d2b36587”. This is the original object before any operation was performed on it. The rotation created a new object with the UUID c3bd5285-0268-4b44-a12c-7ec2d2b36587.
2. This is the rotated object (UUID c3bd5285-0268-4b44-a12c-7ec2d2b36587) that was created from 1. Another rotate key operation was performed on it. The second operation renamed this object to “SQL_Server_Key3-replaced-by-0e2909f9-39f2-4e6a-a52b-ede14b06b22f”. This rotation created a new object with the UUID 0e2909f9-39f2-4e6a-a52b-ede14b06b22f.
3. This is the rotated object (UUID 0e2909f9-39f2-4e6a-a52b-ede14b06b22f) created from 2. It is the newest rotated object. It takes the name of the original object, “SQL_Server_Key3”.
Clicking on the object will show you the details relating to key rotation such as:
- Name of Security Object that was rotated to create the current object
- UUID of current object
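The naming rule above is enough to rebuild an object's rotation lineage from an inventory listing, which is useful when auditing that no link in a key's history has gone missing. The following is an added example, not code from the product: the (uuid, name) input shape, the function name and the original object's UUID are assumptions made for illustration.

```python
import re

# Naming rule from the release note: <name>-replaced-by-<UUID of the new object>
REPLACED_BY = re.compile(
    r"^(?P<base>.+)-replaced-by-"
    r"(?P<successor>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$"
)

def rotation_chain(objects, name):
    """Return the UUIDs behind `name`, oldest first, current object last.

    `objects` is a list of (uuid, name) pairs, a hypothetical export shape.
    Raises ValueError if the history is ambiguous or has a gap.
    """
    objects = list(objects)
    current = [uuid for uuid, obj_name in objects if obj_name == name]
    if len(current) != 1:
        raise ValueError(f"expected exactly one object named {name!r}")

    predecessor = {}  # successor UUID -> UUID of the object it replaced
    for uuid, obj_name in objects:
        m = REPLACED_BY.match(obj_name)
        if m and m["base"] == name:
            if m["successor"] in predecessor:
                raise ValueError(f"{m['successor']} replaces more than one object")
            predecessor[m["successor"]] = uuid

    chain = [current[0]]
    while chain[-1] in predecessor:  # pop() also guarantees termination
        chain.append(predecessor.pop(chain[-1]))
    if predecessor:  # a renamed object points at a UUID that is not in the chain
        raise ValueError(f"gap in rotation history: {sorted(predecessor)} missing")
    return chain[::-1]

# Constructed sample. The two rotated UUIDs are the ones in the example above;
# ORIGINAL_UUID is a placeholder, since the note does not give the original's UUID.
ORIGINAL_UUID = "00000000-0000-4000-8000-000000000001"
SAMPLE = [
    (ORIGINAL_UUID, "SQL_Server_Key3-replaced-by-c3bd5285-0268-4b44-a12c-7ec2d2b36587"),
    ("c3bd5285-0268-4b44-a12c-7ec2d2b36587",
     "SQL_Server_Key3-replaced-by-0e2909f9-39f2-4e6a-a52b-ede14b06b22f"),
    ("0e2909f9-39f2-4e6a-a52b-ede14b06b22f", "SQL_Server_Key3"),
]

if __name__ == "__main__":
    print(" -> ".join(rotation_chain(SAMPLE, "SQL_Server_Key3")))
```

A ValueError here means a renamed object refers to a successor UUID that is absent from the listing, so the rotation history cannot be traced end to end.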
An icon has been added to the Groups table that explicitly shows when external roles have been mapped.
- Fixed a bug where the Save button was not disabled when there are no changes when editing a security object. The correct behavior should be: when there are no changes, users should not be able to click on the Save button.
- Fixed a bug where the tooltip for OAuth was not displaying in App info.
- Removed the “Clear” button when searching/filtering by Expiry date. This button was non-functional.
- Fixed an overflow error in Invoke Plugin output.
For Log Management (under Account Settings), when an integration is disabled, all settings for the integration will be greyed out (no longer editable). To access this screen, go to Account Settings and select Log Management; if there is an editable integration, click on Edit Configuration.
Under Account Settings > Log Management > Syslog – Add Integration (or Edit Configuration), when Custom CA Certificate is selected, the text area to upload the file will now extend all the way to the right. Previously, the text area only occupied a portion of the screen, which was not an efficient use of the screen space.