Welcome to Conjur!
What is Conjur?
Conjur is a tool to authorize and audit your DevOps and cloud infrastructure. Conjur replaces and/or extends a variety of legacy IAM tools such as Active Directory and OpenLDAP, and provides new capabilities that meet the specific needs of DevOps and cloud.
"Conjurize" Your Hosts
"conjurize" is a general term that our customers use to describe a machine which is managed by Conjur. The machine ("host", in Conjur parlance) has been assigned a unique identity and authorization privileges. It's also has OpenSSH and PAM installed and configured for SSH authentication and fine-grained authorization, provided by Conjur Pubkeys and LDAPS. Conjur is not an agent! It works with standard, open-source Linux packages.
Once conjurized, a host can also be authorized to securely fetch and use infrastructure "secrets", such as database passwords and SSL certificates. All SSH and secrets activity is audited in detail.
Learn more about
Securely Manage and Distribute Secrets
Conjur provides encrypted, access-controlled, and audited storage and distribution for infrastructure secrets like database passwords, cloud credentials, SSL certificates, and private keys. Each secret can be configured with permissions for people and machines to update and / or fetch the secret. All access to secrets is audited in detail, so it's obvious which secrets are being used, and where, and by which people and machines.
Learn more about secrets
Organize Infrastructure into Layers
Conjur provides a unique capability called Layers. A Layer is a group of machines that share access rules. All machines in a Layer are accessible by the same SSH users, and they have the same access to secrets. With just a few Layers, a complex system can be quickly conjurized and organized. Layers are also highly amenable to auto-scaling and ephemeral computing; hosts can be easily added to and removed from Layers by code and scripts.
Learn more about Layers
High Availability Deployment
Conjur runs in your own cloud or multi-cloud environment, deployed as a highly available (HA) multi-server system. Conjur HA is architected specifically for cloud; it's easy to scale out or up, and it handles net splits and network outages gracefully. None of our customers running Conjur HA have ever experienced a full service outage.
Learn more about HA
Extend Your Enterprise Directory
You can import Users and Groups from an existing LDAP or ActiveDirectory, and you can create Users and Groups in Conjur. The result is a "blended" system which extends and enhances your existing enterprise directory. And if you don't have a directory today, you can do all the User and Group management in Conjur.
Script and Automate
Conjur is fully programmable through its HTTPS API. In addition, we provide a comprehensive command-line interface (CLI), as well as API client libraries for Ruby, Python, Java, and Node.js. You'll never be stuck in a tedious manual process; if you can think of a way to automate your way out of it, it can be done with Conjur.
Learn more about scripting Conjur
- [ 2015-02-05 ] conjurize Generate a script to install Conjur onto a machine
- [ 2015-02-04 ] VMware
- [ 2014-09-24 ] Puppet Install Conjur client, install or boostrap host identity and use Conjur to keep your secrets out of manifests and master.
- [ 2014-09-04 ] Chef Bootstrap host identity using Chef, and install and configure Conjur using Chef cookbooks.
- [ 2014-08-31 ] Host Factory Integrate host identity with cloud management, orchestration, and configuration management tools
- [ 2014-08-08 ] Host Management Creating and managing hosts.
- [ 2014-07-18 ] Custom Audit Records Learn to store and retrieve custom audit events
- [ 2014-06-24 ] SaltStack + Conjur SSH Use SaltStack to register client VMs and configure them for Conjur SSH.