Changelog

For the right notifications to reach the right people on your team, we’ve added new fields to our email notifications settings.

The Developer API Client tokens are now integrated with GitHub’s secret scanning feature. When your API tokens are accidentally committed and found on public GitHub repositories, we will revoke them to block unauthorized access to your Workato workspace, and send your admins an email alert.

Find out more about this secret scanning feature.

This API call clears the secrets management cache to retrieve the latest available credentials from your external secrets manager, whether that’s AWS Secrets Manager or Hashicorp Vault. This allows you to update your secrets regularly with no disruptions to active recipes.

For tighter security, we’ve extended support for secrets manager, Hashicorp Vault, to our on-prem agents (OPA) and on-prem groups (OPA).

We’re excited to share that Workato now supports HashiCorp Vault secrets engine, a security feature many of our customers have been asking for.

HashiCorp Vault is an external secrets manager that lets you store and retrieve passwords and API tokens in a secure way. And trust us, this comes in super handy when you create or update a connection on Workato.

Here’s a quick guide on setting it up for your workspaces.

We introduced API Clients for Developer APIs this January, which allows users to grant clients granular role and project-based app access. It’s now enhanced with:

• IP Whitelisting
• Developer APIs to manage API clients
• Support for project-level lookup tables, project properties, API Platform collections and API Platform Clients
• Recipe Operator connector support for API Client tokens

See API Clients’ documentation for more.

More audit events have been added, to track changes to a workspace’s security and permissions settings.

This allows admins more visibility to troubleshoot changes.

See the full list of account activities tracked.

We have launched status pages for each region, so users can monitor our systems’ status, check for incidents—and subscribe to email updates.

• USA status page
• Europe status page
• Singapore status page
• Japan status page 

With API Clients, users can now grant clients granular role and project-based app access. For greater security, view-once tokens are now available. Read this update’s documentation, or go to the revamped Workspace Access to start configuring.