2. DEFINE POLICY

8 min.

In this unit you will learn how to load your first policy.
Formatted in YAML, a policy defines Conjur entities and the relationships between them. An entity can be a policy, a host, a user, a layer, a group, or a variable.

A sample application policy named BotApp.yml is provided in the client container under the policy directory.

At the end of this section:
As a privileged user, you will load a policy that defines a human user, a non-human user that represents your application, and a variable.

Prerequisite

You have completed Unit 1.

Log in to Conjur as admin. When prompted for a password, enter the API key stored in the admin_data file:

docker-compose exec client conjur login -i admin

Verification

When you successfully log in, the terminal returns:

Logged in

Load the provided sample policy into the Conjur built-in root policy to create the resources for the BotApp:

docker-compose exec client conjur policy load -b root -f policy/BotApp.yml > my_app_data

Conjur generates the following API keys and stores them in a file, my_app_data:

  • An API key for Dave, the human user. This key is used to authenticate user Dave to Conjur.
  • An API key for BotApp, the non-human identity. This key is used to authenticate the BotApp application to Conjur.

The number of API keys generated corresponds to the number of users and hosts defined in the policy.

Verification

The terminal returns:

Loaded policy 'root'
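
Because my_app_data now holds live API keys and the shell redirect creates it with default permissions, the added example below (not part of the original tutorial) restricts the file to its owner and confirms one key per user and host without printing any key. It assumes the saved response is JSON with a created_roles map whose entries carry an api_key; the account name, host identifier and key values in the sample are constructed.

```python
import json
import os
import stat
import tempfile
from collections import Counter


def summarize_created_roles(path):
    """Return ({kind: count}, [role ids]) from a saved policy-load response; keys are never returned."""
    with open(path, encoding="utf-8") as fh:
        response = json.load(fh)
    kinds = Counter()
    role_ids = []
    for role_id, entry in response.get("created_roles", {}).items():
        # Assumed role id layout: account:kind:identifier (kind is "user" or "host")
        _account, kind, _identifier = role_id.split(":", 2)
        if "api_key" in entry:
            kinds[kind] += 1
            role_ids.append(role_id)
    return dict(kinds), sorted(role_ids)


def restrict_to_owner(path):
    """Set the file to mode 0600; return True if group or other had any access before."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return exposed


def demo():
    # Constructed sample standing in for my_app_data; ids and keys are placeholders.
    sample = {"created_roles": {
        "exampleAccount:user:Dave@BotApp": {"id": "exampleAccount:user:Dave@BotApp", "api_key": "PLACEHOLDER-1"},
        "exampleAccount:host:BotApp/exampleApp": {"id": "exampleAccount:host:BotApp/exampleApp", "api_key": "PLACEHOLDER-2"},
    }, "version": 1}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "my_app_data")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # what a redirect under the common umask 022 leaves behind
        exposed = restrict_to_owner(path)
        kinds, ids = summarize_created_roles(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
    return exposed, kinds, ids, mode


if __name__ == "__main__":
    print(demo())
```
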

Log out of Conjur:

docker-compose exec client conjur logout

Verification

When you successfully log out, the terminal returns:

Logged out