Conjur v1.10 released: secures secrets used by privileged users and machine identities
Conjur provides secrets management and machine identity for modern infrastructure:
- Machine Authorization Markup Language (“MAML”), a role-based access policy language to define system components & their roles, privileges, and metadata
- A REST web service to:
  - manage identity life cycles for humans and machines
  - organize and search roles and data in your secrets infrastructure
  - authorize access to resources using a sophisticated permission model
  - store secrets and make them available securely
- Integrations throughout the cloud toolchain:
  - infrastructure as a service (IaaS)
  - configuration management
  - continuous integration and deployment (CI/CD)
  - container management and cloud orchestration
How Conjur Works
To use Conjur, you write policy files to enumerate and categorize the things in your infrastructure: hosts, images, containers, web services, databases, secrets, users, groups, etc. You also use the policy files to define role relationships, such as the members of each group, and permission rules, such as which groups and machines can fetch each secret. The Conjur server runs on top of the policies and provides HTTP services such as authentication, permission checks, secrets, and public keys. You can also perform dynamic updates, such as changing secret values and enrolling new hosts.
- Documentation explaining how to upgrade a Conjur server deployed in a Docker Compose environment. cyberark/conjur#1528, cyberark/conjur#1584
- When Conjur starts, we now convert blank environment variables to nil. This ensures we treat empty environment values as if the environment variable is not present, rather than attempting to use the empty string value. cyberark/conjur#1841
- The “inject_client_cert” request now returns 202 Accepted instead of 200 OK to indicate that the cert injection has started but not necessarily completed.
- Conjur now verifies that Kubernetes Authenticator variables exist and have a value before retrieving them, so that a proper error is raised if they do not.
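The blank-environment-variable change above matters because an empty string is truthy in Ruby, so both `||` defaults and presence checks accept it. The following is an added example, not code from the Conjur repository; the variable names, the sample values and the reading of "blank" as empty or whitespace-only are assumptions.

```ruby
# Added illustration; not code from the Conjur repository.
# Variable names and values below are constructed for the example.

# Return a copy of the environment in which blank values become nil.
# Assumption: "blank" means empty or whitespace-only.
def normalize_blank_env(env)
  env.to_h.transform_values { |v| (v.nil? || v.strip.empty?) ? nil : v }
end

# Optional setting: fall back to the default when the value is absent.
def optional_setting(env, key, default)
  env[key] || default
end

# Required setting: fail at startup instead of running with no value.
def required_setting(env, key)
  env[key] || raise(KeyError, "#{key} is not set")
end

# Constructed sample environment, e.g. from a compose file that declares
# variables but leaves them empty.
SAMPLE_ENV = {
  'EXAMPLE_LOG_LEVEL' => '',
  'EXAMPLE_DATA_KEY'  => '',
  'EXAMPLE_PORT'      => '8080'
}.freeze

RAW   = SAMPLE_ENV
CLEAN = normalize_blank_env(SAMPLE_ENV)

# Without normalization the empty string is truthy, so the default is
# skipped and the required check passes with an unusable value.
def raw_results
  [optional_setting(RAW, 'EXAMPLE_LOG_LEVEL', 'info'),
   required_setting(RAW, 'EXAMPLE_DATA_KEY')]
end

# With normalization the default applies and the missing key is reported.
def clean_results
  level = optional_setting(CLEAN, 'EXAMPLE_LOG_LEVEL', 'info')
  error = begin
    required_setting(CLEAN, 'EXAMPLE_DATA_KEY')
  rescue KeyError => e
    e.message
  end
  [level, error]
end
```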
Copyright (C) 2018 CyberArk