Conjur Ansible Role
The Conjur Ansible Role can be used to configure a host with a Conjur machine identity. Through integration with Conjur, the machine can then be granted least-privilege access to securely retrieve the secrets it needs. This approach reduces the administrative power of the Ansible host and prevents it from becoming a high-value target. Conjur integration also provides additional benefits, including security policy stored as code and simplified secret rotation.
See the Conjur Ansible Role GitHub repo for integration instructions and a discussion of the security tradeoffs involved in the potential integration approaches.