This integration allows Terraform users to leverage Conjur’s advanced non-human access control capabilities such as robust secrets management, tamper resistant auditing, and strong container authentication. This allows users of both products to seamlessly manage secrets used by Terraform with Conjur. This adds to the growing list of integrations Conjur has with other tools and platforms, such as AWS, Kubernetes, OpenShift, Google Kubernetes Engine, Pivotal Cloud Foundry, Puppet, Ansible, Jenkins and many more. With Conjur, Terraform users can leverage this robust integration library to setup a Role-Based Access (RBAC) policy to control non-human access to sensitive data across multiple tool stacks and platforms.
About the Integration
The Conjur Terraform integration can be deployed natively with the new Conjur provider or with our Summon utility that inject secrets into environment variables. However, we will focus on the native integration in this blog.
- Strong authentication for secrets fetched from Conjur.
- Simple setup in the Terraform manifest.
- Restorable RBAC policy for non-human access.
- Easy to access secrets from the Terraform manifest.
- Prevent sensitive secret information from appearing in Terraform logs or on-screen.
- Unified interface for managing non-human access (secrets) across multiple tools and platforms.
If you haven’t tried Conjur open source yet, you can get started with a guided tutorial that is hosted in Heroku here. To learn more about the Conjur Terraform integration, read our detailed setup and installation guide here. Be sure to keep reading our blog for interesting tutorials and practitioner content. Also, don’t forget to join out the CyberArk Commons to ask questions and chat with other community members. This integration, as with all Conjur features are also available in the enterprise version of Conjur, Application Access Manager.
John Walsh has served the realm as a lord security developer, product manager and open source community manager for more than 15 years, working on cybersecurity products such as Conjur, LDAP, Firewall, JAVA Cyptography, SSH, and PrivX. He has a wife, two kids, and a small patch of land in the greater Boston area, which makes him ineligible to take the black and join the Knight’s Watch, but he’s still an experienced cybersecurity professional and developer.