10 min.

In this unit you will learn how to install Conjur OpenSource using Docker.

At the end of this section:
You will have a working Conjur OSS environment with a Conjur account and an admin user.


$ git clone https://github.com/cyberark/conjur-quickstart.git

Open a terminal session and browse to conjur-quickstart. Pull the Docker images defined in docker-compose.yml:

$ docker-compose pull


When the required images are successfully pulled, the terminal returns the following:

Pulling openssl ... done
Pulling bot_app ... done
Pulling database ... done
Pulling conjur ... done
Pulling proxy ... done
Pulling client ... done

The master data key will be used later to encrypt the database.
In the working directory, generate the key and store it to a file:
* Tip: Although not mandatory, we prefer to store sensitive data to a file and not to display it directly on console screen.

$ docker-compose run --no-deps --rm conjur data-key generate > data_key

The data key is generated in the working directory and is stored in a file called data_key.


When the key is generated, the terminal returns the following:

Creating network "conjur-quickstart_default" with the default driver

Load data_key file content (the master data key) as an environment variable:

$ export CONJUR_DATA_KEY="$(< data_key)"

Start the Conjur OSS environment:

$ docker-compose up -d

When Conjur OSS starts, the terminal returns the following:
Creating postgres_database ... done
Creating bot_app ... done
Creating openssl ... done
Creating conjur_server ... done
Creating nginx_proxy ... done
Creating conjur_client ... done


Run the following command to see a list of running containers:

$ docker ps -a

Create a Conjur account and initialize the built-in admin user.

$ docker-compose exec conjur conjurctl account create myConjurAccount > admin_data

An account named myConjurAccount is created and the admin user is initialized, following keys are created and stored at admin_data file:

  • admin user API key. Later on, we will use this key to log in to Conjur.
  • myConjurAccount Conjur account public key.

This is a one-time action. For the duration of the container’s life or until additional initcommand is issued, the Conjur client and the Conjur server remain connected.
Use the account name You will be prompted to trust the TLS certificate of the Conjur server. Type `y` to trust the certificate.

docker-compose exec client conjur init -u https://proxy -a myConjurAccount --self-signed


The terminal returns the following output:

Wrote configuration to /root/.conjurrc