What is Conjur?
Conjur manages machine identity in your infrastructure. You can use it to control and audit access to cloud resources.
With Conjur, your teams and your business will be able to continuously deliver new applications and new functionality using the DevOps techniques and tools you want without compromising the security or compliance of the systems.
And Conjur's reporting capabilities provide a unified way to show your security, compliance, and business teams exactly how your cloud and DevOps systems are being tracked, managed, secured and audited.
How does it work?
Conjur operates as a highly available web service running in your own infrastructure.
Multiple replicated Conjur servers work together to provide high availability and low latency.
Security as code is a key tenet of Conjur. Security rules are written in files, checked into source control and loaded into the Conjur server cluster. This allows you to treat security policy as you would any other source control asset, adding more transparency and collaboration to your organization's security requirements.
- Direct protocol interaction (e.g.
- Client libraries for popular languages such as Ruby, Python, Java, and Node.js
- The Conjur command-line interface
- Custom scripts and connectors
Conjur administrators can also delegate authority over subsets of the infrastructure to other groups, and can even write custom scripts and jobs to perform administrative functions such as key rotation.
Everything that happens in the Conjur-managed system is recorded to an immutable audit trail. Full reports of users, groups, machines, secrets, permissions, and system activity are available at any time through the Conjur API and User Interface.
Why use it?
Conjur has been running in production since 2014, solving real-world problems at companies like Cisco, Discovery Communications, Lookout, AOL, and Machine Zone.
In addition, Conjur’s cryptography has been professionally audited and verified.
Simple to Use
You can define your entire infrastructure using only 9 elements: policy, user, group, host, layer, variable, web service, role grant, and permission grant. And with just 5 REST functions you can authenticate, search, fetch secrets, perform permission checks, and fetch public keys.
Policies are defined using YAML, which is easy for both people and machines to read and understand.
Conjur provides full role-based access control, which is a proven model for infrastructure security. Unlike attribute-based access control, role-based access control is not susceptible to unexpected side-effects, and it scales very well to large systems through the use of role delegation.
Easy to deploy and operate
Conjur has built-in high availability, and it's available in a variety of forms including Docker container, Amazon Machine Image, and RPM installer.
You can use Conjur to solve many different problems. For example:
- Defining privileges on machines, web services, and secrets.
- Delegating management of subsets of infrastructure to human teams.
- Automatically rotating secrets without human access or intervention.
- Distributing SSL certificates to internal and external servers.
- Securely and automatically enrolling new machines into controlled environments.
- Controlling web service traffic between services.
- Managing and distributing public keys.
- Automatically rotating SSH private keys.
- Distributing database passwords (and other types of credentials) to applications and services.
- Providing authorization logic for configuration management and container orchestration.
Conjur is easily programmable by interacting with the REST API. This capability can be used to provide custom authentication and authorization for popular DevOps tools.
Use the Quick Start Guide to get your own Conjur development environment up and running.
- [ 2017-01-05 ] Reference / Policy Reference : Our new YAML format makes it convenient to define and maintain your policies and entitlements; this succeeds the Ruby DSL.
- [ 2017-01-05 ] / Policy : Common Policy YML operations
- [ 2016-12-21 ] Reference / Services / LDAP Sync : LDAP Sync imports corporate Active Directory or POSIX LDAP structure into the Conjur environment.
- [ 2016-12-21 ] Reference / Services / LDAP Authenticator : The LDAP Authenticator allows Conjur to use an existing LDAP service (such as Active Directory) to authenticate users.
- [ 2016-12-06 ] Reference / Services / Health : Health check service
- [ 2016-12-06 ] Server Setup / Tools / Evoke : A CLI toolkit for configuring and managing Conjur servers.