CyberArk Conjur OpenSource Suite
The Conjur provider (with identifier conjur
) populates credentials from an external
Conjur service.
For information on using Secretless with CyberArk Conjur, see |
Secretless Broker configuration
To use the Conjur provider, Secretless must be configured to authenticate with Conjur. The Secretless Broker currently supports several methods of authenticating with Conjur (activating the first non-empty method in this order):
-
CONJUR_AUTHN_TOKEN_FILE
environment variable -
CONJUR_AUTHN_LOGIN
andCONJUR_AUTHN_API_KEY
environment variables -
Conjur Kubernetes authenticator-based authentication
In this mode, Secretless behaves as an authn-k8s-client and retrieves a machine identity through orchestrator-facilitated attestation that requires:
-
CONJUR_AUTHN_URL
environment variable (which containsauthn-k8s
) -
The same configuration environment variables as authn-k8s-client.
See the Conjur documentation for additional information on configuration.
-
All methods also require CONJUR_APPLIANCE_URL
and CONJUR_ACCOUNT
to
be set in the environment of the Secretless Broker. You may optionally
also include any other configuration environment variables that are
allowed by the Conjur Go Client Library.
When deploying applications to Kubernetes or OpenShift, the Kubernetes authenticator method of authenticating to Conjur is recommended. |
Example
|