What is Conjur Enterprise?
Conjur Enterprise manages machine identity in your infrastructure. You can use it to control and audit access to cloud resources.
With Conjur Enterprise, your teams and your business will be able to continuously deliver new applications and new functionality using the DevOps techniques and tools you want without compromising the security or compliance of the systems.
And the Conjur Enterprise reporting capabilities provide a unified way to show your security, compliance, and business teams exactly how your cloud and DevOps systems are being tracked, managed, secured and audited.
How does it work?
Conjur Enterprise operates as a highly available web service running in your own infrastructure.
Multiple replicated Conjur servers work together to provide high availability and low latency.
Security as code is a key tenet of Conjur. Security rules are written in files, checked into source control and loaded into the Conjur server cluster. This allows you to treat security policy as you would any other source control asset, adding more transparency and collaboration to your organization's security requirements.
- Direct protocol interaction (e.g.
- Client libraries for popular languages such as Ruby, Python, Java, and Node.js
- The Conjur command-line interface
- Custom scripts and connectors
Conjur Enterprise administrators can also delegate authority over subsets of the infrastructure to other groups, and can even write custom scripts and jobs to perform administrative functions such as key rotation.
Everything that happens in a Conjur Enterprise system is recorded to an immutable audit trail. Full reports of users, groups, machines, secrets, permissions, and system activity are available at any time through the Conjur Enterprise API and User Interface.
Why use it?
Conjur Enterprise has been running in production since 2014, solving real-world problems at companies like Cisco, Discovery Communications, Lookout, AOL, and Machine Zone.
In addition, the Conjur cryptography has been professionally audited and verified.
Simple to Use
You can define your entire infrastructure using only 9 elements: policy, user, group, host, layer, variable, web service, role grant, and permission grant. And with just 5 REST functions you can authenticate, search, fetch secrets, perform permission checks, and fetch public keys.
Policies are defined using YAML, which is easy for both people and machines to read and understand.
Conjur provides full role-based access control, which is a proven model for infrastructure security. Unlike attribute-based access control, role-based access control is not susceptible to unexpected side-effects, and it scales very well to large systems through the use of role delegation.
Easy to deploy and operate
Conjur Enterprise has built-in high-availability. It is available in a variety of forms including Docker container and Amazon Machine Image.
You can use Conjur Enterprise to solve many different problems. For example:
- Defining privileges on machines, web services, and secrets.
- Delegating management to subsets of infrastructure to human teams.
- Automatically rotating secrets without human access or intervention.
- Distributing SSL certificates to internal and external servers.
- Securely and automatically enrolling new machines into controlled enviroments.
- Controlling web service traffic between services.
- Managing and distributing public keys.
- Automatically rotating SSH private keys.
- Distributing database passwords (and other types of credentials) to applications and services.
- Providing authorization logic for configuration management and container orchestration.
Conjur Enterprise is easily programmable by interacting with the REST API. This capability can be used to provide custom authentication and authorization for popular DevOps tools.
Use the Conjur Enterprise Quick Start to get your own Conjur development environment up and running.
- [ 2018-04-30 ] Reference / Integrations / Kubernetes and OpenShift : Integrate Kubernetes and OpenShift applications with Conjur
- [ 2018-03-30 ] Reference / Integrations / Cloud Foundry : Integrate CF applications with Conjur
- [ 2018-03-28 ] Reference / Integrations / Enterprise Password Vault : Integrate CyberArk EPV with Conjur
- [ 2018-03-12 ] Server Setup / High Availability / Self-Healing : Self-healing...
- [ 2018-03-12 ] Server Setup / High Availability / Cluster Deployment : Cluster deployment...
- [ 2018-02-07 ] Reference / Integrations / Pivotal Cloud Foundry : Integrate PCF applications with Conjur