Conjur Terraform Integration

Conjur Open Source Now Natively Integrates with Terraform

This integration allows Terraform users to leverage Conjur’s advanced non-human access control capabilities, such as robust secrets management, tamper-resistant auditing, and strong container authentication. Users of both products can seamlessly manage the secrets used by Terraform with Conjur. It adds to the growing list of integrations Conjur has with other tools and platforms, such as AWS, Kubernetes, OpenShift, Google Kubernetes Engine, Pivotal Cloud Foundry, Puppet, Ansible, Jenkins and many more. With Conjur, Terraform users can leverage this robust integration library to set up a Role-Based Access Control (RBAC) policy that controls non-human access to sensitive data across multiple tool stacks and platforms.

 

About the Integration

The Conjur Terraform integration can be deployed natively with the new Conjur provider or with our Summon utility, which injects secrets into environment variables. However, we will focus on the native integration in this blog.

 

Key Benefits:

  • Strong authentication for secrets fetched from Conjur.
  • Simple setup in the Terraform manifest.
  • Restorable RBAC policy for non-human access.
  • Easy to access secrets from the Terraform manifest.
  • Prevents sensitive secret information from appearing in Terraform logs or on-screen.
  • Unified interface for managing non-human access (secrets) across multiple tools and platforms.

 

Getting Started

If you haven’t tried Conjur open source yet, you can get started with a guided tutorial that is hosted on Heroku here. To learn more about the Conjur Terraform integration, read our detailed setup and installation guide here. Be sure to keep reading our blog for interesting tutorials and practitioner content. Also, don’t forget to join our online Slack community to ask questions and chat with other community members. This integration, like all Conjur features, is also available in the enterprise version of Conjur, Application Access Manager.