Machine Identity
Machine Identity is the heart of Conjur. Conjur was designed from the ground up to support security automation workflows of all kinds: secrets management, SSH, traffic authorization, container environments, configuration management, and custom access control scenarios.
Secrets Management
Conjur provides a policy framework to manage access to secrets. The policy definitions contain no secrets themselves, making them safe and easy to share, review, and edit among a group of people without exposing confidential information. With secrets abstraction, even the users of secrets need not know their values.
Authorization Model
Conjur's machine identity capabilities are built on the foundation of RBAC, ensuring that the automated workloads managed by Conjur are running with proven and scalable security properties. Conjur's policy management can be managed strictly, ensuring that security rules at scale are both tightly managed and scalable.
Scalability
Conjur has collected extensive benchmarks of the scale-out performance of Conjur, and can demonstrate linear scaling from clusters of 1 machine to 10 or more. Conjur can demonstrate the fully authenticated and authorized retrieval of up to 4 million secrets per minute.
Built for Containers
Containers come with their own security challenges and Conjur is specifically built with those in mind. Conjur uniquely identifies each container, and each container has its own permissions (RBAC) managed by a Conjur root policy. Applications and services running on those containers are also uniquely authenticated and authorized, making sure secrets are shared securely only with their intended recipients.
Integrations
CyberArk officially provides and supports integration libraries between Conjur and external tools such as Puppet, Ansible, and Summon, as well as API libraries for Ruby, Go, Java, and .NET. CyberArk has officially partnered with Puppet to provide joint support for the Conjur Puppet Module. CyberArk is extending this partnering relationship to other major tool vendors in the DevOps space.
Learn about Conjur Enterprise
- Admin Web UI and Activity Dashboard
- Cloud SSH authorization and permission level management
- Password rotation
- Tamper-proof audit and export of audit data
- CyberArk Privileged Account Security Solution integration
- Infrastructure elastic auto-scaling
- Multi Datacenter Deployment
- HSM support
How Conjur Works
To use Conjur, you write policy files to enumerate and categorize the things in your infrastructure: hosts, images, containers, web services, databases, secrets, users, groups, etc. You also use the policy files to define role relationships, such as the members of each group, and permission rules, such as which groups and machines can fetch each secret. The Conjur server runs on top of the policies and provides HTTP services such as authentication, permission checks, secrets, and public keys. You can also perform dynamic updates, such as changing secret values and enrolling new hosts.
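A small policy file of the kind described above, as an added example that is not taken from the original page. Every id in it (`billing-app`, `web-01`, `db/password` and so on) is hypothetical. It declares the objects, the role relationships and the permission rules, and contains no secret values.

```yaml
# Hypothetical policy for one application; all ids are illustrative.
- !policy
  id: billing-app
  body:
    # Enumerate the things that exist: humans, machines, secrets.
    - !user alice
    - !group secrets-admins
    - !layer app-hosts              # a layer is a set of hosts
    - !host web-01
    - !host web-02

    # Secrets are declared by name only; values are loaded
    # separately, so this file is safe to review and share.
    - !variable db/password
    - !variable api/token

    # Role relationships: who belongs to which group or layer.
    - !grant
      role: !group secrets-admins
      member: !user alice
    - !grant
      role: !layer app-hosts
      members:
        - !host web-01
        - !host web-02

    # Permission rules, least privilege per role:
    # machines in the layer may fetch the database password only.
    - !permit
      role: !layer app-hosts
      privileges: [ read, execute ]
      resource: !variable db/password

    # Administrators may also change secret values.
    - !permit
      role: !group secrets-admins
      privileges: [ read, execute, update ]
      resources:
        - !variable db/password
        - !variable api/token
```

Nothing here grants the hosts access to `api/token`, so a permission check for `web-01` on that variable is denied until a rule is added.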
Understanding and Selecting a Secrets Management Platform
Read this paper from Securosis to learn how Secrets Management tools fit perfectly within a DevOps operational model.
Building a Secure DevOps Pipeline
Learn how PwC’s strong capabilities in working with clients to identify, design and deploy improved processes and technical solutions for DevOps are also inclusive of a critical element: secrets management.