38 posts tagged with "Enterprise"
View All TagsContinuously export audit logs as newline-delimited JSON to a dedicated logs/audit/ folder in instance object storage, for SIEM forwarding and archival.
New features
- Opt-in export of audit logs to S3, Azure Blob or Google Cloud Storage
- Newline-delimited JSON written to a dedicated logs/audit/ folder, partitioned by day
- Incremental and runs in the background off the audit log hot path, with a single exporter under high availability
- Exported files are never deleted from object storage, so database retention can be set much lower
- Recommended setup to forward audit logs to a SIEM for long-term security analysis
Trigger scripts and flows in response to Azure Event Grid events from custom topics, system topics, domains, and Event Grid Namespaces.
New features
- Subscribe to Azure Event Grid basic topics, system topics and domains (basic_push mode).
- Subscribe to Event Grid Namespace topics with CloudEvents 1.0 push or pull delivery.
- Service Principal authentication; the Azure subscription is derived from the topic or namespace ARM path.
- Auto-discovery of topics and namespaces the service principal can access via ARM.
- Server-managed shared-secret authentication on inbound push webhooks.
- Lock-token ack/reject on namespace pull, enabling dead-lettering and batched consumption.
- Optional event-type filters per trigger.
- Capture mode uses an isolated -wm-capture subscription so tests never clobber the deployed trigger.
Workspace forks now include data tables, and the new wmill workspace merge command enables merging forks back to the parent.
New features
- Data tables are included when forking a workspace.
- New wmill workspace merge CLI command.
- Color support in forked workspaces.
Store Windmill secrets in AWS Secrets Manager as an alternative to the database, HashiCorp Vault, or Azure Key Vault.
New features
- AWS Secrets Manager as a third external secret storage backend.
- Supports static credentials or the default AWS credential chain (IAM roles, env vars).
- Configurable prefix and custom endpoint for LocalStack.
- Bidirectional migration between backends.
Store Windmill secrets in Azure Key Vault as an alternative to the database or HashiCorp Vault.
New features
- Azure Key Vault as a secret storage backend.
- Configured via Key Vault URL and service principal credentials.
- Same migration and fail-closed semantics as Vault.
Dedicated worker scripts sharing the same workspace dependency and language now automatically run in a single long-lived subprocess.
Create workspace-scoped automation identities that cannot log in directly, for CI/CD pipelines and API integrations.
New features
- Workspace-scoped service accounts that cannot log in.
- Always operators with a username-only identity.
- Admin impersonation for testing permissions.
SCIM PATCH with active:false now disables users at the instance level instead of deleting them. Admins can also manually disable users.
New features
- SCIM deprovisioning disables users instead of deleting them.
- Disabled users cannot log in but retain workspace memberships.
- Manual enable/disable from instance settings.
Add per-step debouncing to flow nodes to consolidate repeated executions of a specific step within a flow.
New features
- Per-step debounce node in the flow editor.
- Configurable delay, custom debounce key, and argument accumulation.
- Max debouncing time and max debounce count limits.
Self-managed GitHub App support for GitHub.com and GitHub Enterprise Server instances, enabling Git sync without relying on the Windmill-managed GitHub App.
New features
- Register your own GitHub App on GitHub.com or GitHub Enterprise Server for Git sync authentication.
- Self-managed JWT token generation and exchange directly with your GitHub instance.
- Host-based installation filtering prevents token leakage across GitHub instances.
Persistent volumes for scripts via code annotations, per-script sandbox annotation for Python and TypeScript, and AI sandbox for running coding agents with isolation and persistent state.
New features
- Volumes: persistent file storage attached to scripts via comment annotations, synced to workspace object storage.
- Dynamic volume names with $workspace and $args[...] interpolation.
- Per-worker LRU volume cache (10 GB) with exclusive leasing for concurrency safety.
- Per-script sandbox annotation (#sandbox / //sandbox) now supported for Python and TypeScript in addition to Bash.
- AI sandbox: sandboxing + volumes pattern for running AI coding agents (Claude Code, Codex, OpenCode) with persistent state.
- Built-in Claude Code template using the Claude Agent SDK with volume-backed session persistence.
- Volumes UI in the Assets page for browsing, exploring, and deleting volumes.
- Community Edition volume limits: max 20 volumes per workspace, 50 MB per file.
Approval steps in workflows as code now expose a selfApproval flag (TypeScript) and self_approval (Python) to control whether the user who triggered the workflow can also approve it, matching the visual flow editor toggle.
New features
- New selfApproval / self_approval parameter on approval steps in workflows as code.
- Set to false to require a different approver, matching the visual flow editor toggle.
- Available in the TypeScript and Python WAC SDKs.
MS SQL Server resources can now authenticate using Azure AD (Entra) OAuth tokens through the aad_token field, alongside username/password and Windows Integrated Authentication. Uses the Windmill Azure OAuth setup with the database.windows.net scope.
New features
- Azure AD (Entra) authentication for MS SQL Server resources via the aad_token field.
- Three authentication methods supported: username/password, Azure AD, and Windows Integrated Authentication.
- Uses the Windmill OAuth setup with the https://database.windows.net//.default scope.
Configure private package registries for npm, Maven, and Cargo from instance settings. Supports .npmrc for npm/Bun/Deno, settings.xml for Maven/Java, and config.toml for Cargo/Rust.
New features
- .npmrc support for npm private registries, compatible with Bun (1.1.18+), Deno 2.x, and npm proxy.
- Maven settings.xml configuration for private Maven repositories, written to {JAVA_HOME}/.m2/settings.xml.
- Cargo config.toml for private Cargo registries, written to .cargo/config.toml in the job directory.
- All private registry configurations are Enterprise Edition features.
Manage Windmill instance configuration declaratively with YAML files, a Kubernetes operator, or the CLI. Version-control, review, and reproduce your setup across environments.
New features
- Declarative YAML configuration for global settings and worker groups.
- Kubernetes operator with ConfigMap-based continuous reconciliation and drift detection.
- sync-config CLI command for Docker Compose and VM deployments.
- Secret references via envRef (environment variables) and secretKeyRef (Kubernetes Secrets API).
- Export current instance configuration as YAML from the UI or CLI.
Enforce governance policies on workspaces by disabling direct deployments or workspace forking. Configure bypass permissions for specific users or groups.
New features
- Disable direct deployment to enforce review workflows
- Disable workspace forking to control development environments
- Configure bypass permissions for users or groups
- Works with Git Sync and Deploy to Prod workflows
Kafka triggers now support message filtering. Define key/value pairs to filter messages before they trigger a job. Uses JSON superset matching — the message value at a given key must contain all fields from the filter value.
New features
- Key/value-based message filtering for Kafka triggers
- JSON superset matching for flexible filtering
- Shared filter component with WebSocket triggers
- Filter preview in the trigger editor UI
Capture HTTP requests made by job scripts as observability spans
New features
- View HTTP request traces (method, URL, status, timing) in the job details UI
- Auto-instrumentation for Native TypeScript, MITM proxy for other languages
- Integrates with external OpenTelemetry collectors
DuckDB scripts can now write data to Azure Blob Storage in addition to reading. Supports Parquet, CSV, and JSON formats when Azure Blob is configured as workspace storage.
New features
- DuckDB write support for Azure Blob Storage
- Works with Parquet, CSV, and JSON formats
Configure a script to run automatically when jobs complete successfully in the workspace. The counterpart to the workspace error handler — receives the job result, path, and metadata. Cached with a 60-second TTL.
New features
- Workspace-level success handler triggered on job completion
- Receives job result, path, email, job_id, and metadata
- Configurable from workspace settings with template support
- 60-second cache for handler settings
Windmill autoscaling now supports native Kubernetes integration, providing easier setup, improved reliability, and enhanced security compared to custom script-based solutions.
New features
- Native Kubernetes autoscaling without custom scripts.
- Automatic worker-group, namespace and credentials inference.
- RBAC-based security with deployment scaling permissions.
- Health check validation for proper configuration.
- Seamless integration within existing Kubernetes clusters.
Windmill now supports using AWS OIDC for instance object storage configuration.
New features
- Added AWS OIDC support for instance object storage
Install the Windmill GitHub App instead of using a long lived personal access token (PAT) to authenticate with GitHub for Git sync
New features
- No need for long lived GitHub personal access token
- Improved controls over repo access from Windmill using the App installation scope
Support for NATS triggers to run jobs when messages are received.
New features
- Add support for NATS triggers to run scripts and flows when messages are received from NATS subjects
- NATS triggers run on the server side without consuming worker resources
Windmill now supports Oracle scripts.
New features
- Write your Windmill script in Oracle.
- Run your Oracle scripts locally or in the cloud.
Cloud and enterprise users can now set a custom public URL for their app.
New features
- Set a custom public URL for your app
Enterprise users can now search jobs and logs using our new indexer service powered by the rust search engine Tantivy.
New features
- Updated helm charts to run the indexer service and enable full text search
- Search jobs from anywhere, querying path, args, results or even job logs
- Minimal grafana-like tool to explore service logs
Enterprise users now have access to a dedicated dashboard for tracking feature requests and issues.
New features
- Private issue tracking dashboard
- Feature request tracking
- Automatic email and Slack/Discord notifications
- GitHub integration for issue tracking
- Release tracking and notifications
Support for Kafka triggers to run jobs when messages are received.
New features
- Add support for Kafka triggers to run scripts and flows when messages are received from Kafka topics
- Kafka triggers run on the server side without consuming worker resources
Critical alerts notifications are now displayed in the UI.
New features
- Critical alerts notifications are now displayed in the UI
Windmill AI now supports Mistral's Codestral and Anthropic's Claude 3.5 models.
New features
- Added support for Mistral Codestral model
- Added support for Anthropic Claude 3.5 model
Support for WebSocket triggers to run jobs when messages are received.
New features
- Connect to WebSocket servers and trigger scripts/flows when messages are received
- Support for both static WebSocket URLs and dynamic URLs generated by scripts/flows
- Configure initial messages for authentication or subscriptions
- Filter incoming messages using JSON path matching
- Server-side listening without consuming worker resources
Worker autoscaling automatically adjusts the number of workers based on your workload demands.
New features
- Automatic worker scaling based on workload demands
- Configurable min/max worker limits
- Support for custom scaling scripts
- Occupancy-based scaling decisions
- Cooldown periods to prevent scaling thrashing
- Detailed autoscaling event logging
Critical alerts for jobs waiting in queue.
New features
- Add functionality to monitor job queues and trigger alerts for waiting jobs, with UI for alert management in enterprise feature.
- The "cooldown" parameter determines the minimum duration between two consecutive alerts if the number of waiting jobs are fluctuating around the configured threshold.
Windmill supports custom HTTP routes to trigger a script or flow.
New features
- Trigger a script or flow via a custom HTTP route.
- Use a preprocessor to transform the request before it is passed to the runnable.
Get a notification everytime on critical events such as when a job is re-run after a crash.
New features
- Get email or Slack notifications for critical events such as everytime a job is re-run after a crash.
- You can set an alert to receive notification via Email or Slack when the number of running workers in a group falls below a given number.
We have released our new Windmill Billing Portal https://portal.windmill.dev/.
You can access your Portal from your Instance settings, in the "Core" tab. Or by visiting https://portal.windmill.dev/, entering your email and then accessing the link sent via email. Update contact information, billing details and subscription (seats & workers) from the portal. From there, you can also enable/disable any time automatic renewal and automatic debit (therefore payment by invoice).
In the Usage section, you can find the seats of workers usage of your Prod instance, and check whether your use of Windmill corresponds to your subscription. There is a ‘Report an error’ button, please use it if reported usage is incorrect.
It's also an opportunity for us to explain our new way of managing license keys for self-hosted instances.
As you know, when you subscribe to Windmill, you receive a license key to enter in the instance settings. Now, this key automatically updates every day as long as the subscription is valid. A key is valid for 35 days and expires as soon as an updated key replaces it. This system relieves you from having to worry about your key expiring. Now everything is automatic as long as your subscription is valid. You can still contact us for exceptions.
New features
- Windmill Billing Portal available at https://portal.windmill.dev/
- See info on subscription and usage.
- Update contact info from your portal.
- Update subscription and billing details.
- Automatic license key renewal.
If configured, users who are operators in this workspace will be redirected to this app automatically when logging into this workspace.
New features
- Set an app to pop up when an operator logs into the workspace.
- Make sure the default app is shared with all the operators of this workspace before turning this feature on.