Conjur Ansible Role

The Conjur Ansible Role can be used to configure a host with a Conjur machine identity. Through integration with Conjur, the machine can then be granted least-privilege access to retrieve the secrets it needs in a secure manner. This approach reduces the administrative power of the Ansible host and prevents it from becoming a high value target. Conjur integration also provides additional benefits, including storing security policy as code, and simplified secret rotation.

Integration

See the Conjur Ansible Role GitHub repo for integration instructions and a discussion of the security tradeoffs involved in the potential integration approaches.