Welcome to Conjur!
Conjur provides web services to identify, organize, control, and record access to cloud infrastructure.
It's been designed and built from the ground-up to work ideally with cloud architecture and DevOps principles.
Conjur replaces and/or extends a variety of legacy IAM tools such as Active Directory and LDAP.
Why use it?
Conjur provides an unprecedented level of control and transparency that works equally well with manually managed systems or with massive automation.
With Conjur, your teams and your business will be able to continuously deliver new applications and new functionality using the DevOps techniques and tools you want without compromising the security or compliance of the systems.
And Conjur's reporting capabilities provide a unified way to show your security, compliance, and business teams exactly how your cloud and DevOps systems are being tracked, managed, secured and audited.
How does it work?
Conjur operates as a highly available web service running in your own infrastructure.
Multiple replicated Conjur servers work together to provide high availability and low latency.
Security as code is a key tenet of Conjur. Security policy is written as YML markup, checked into source control and loaded into the Conjur environment. This allows you to treat security policy as you would any other source control asset, offering more transparency and collaboration around your organization's security requirements.
- direct protocol interaction (e.g.
- client libraries for popular languages such as Ruby, Python, Java, and Node.js
- the Conjur command-line interface
- custom scripts and connectors
Conjur implements Role-Based Access Control for both users and machines.
Users of Conjur can:
- store and retrieve secrets
- configure and privilege hosts
- create users and groups
- manage SSH access without placing keys on machines
- and more
Conjur administrators can also delegate authority over subsets of the infrastructure to other groups, and can even write custom scripts and jobs to perform administrative functions such as key rotation.
Everything that happens in the Conjur-managed system is recorded to an immutable audit trail. Full reports of users, groups, machines, secrets, permissions, and system activity are available at any time through the Conjur API and User Interface.
To learn more about how Conjur works, check out the Key Concepts page.
Use the Quick Start Guide to get your own Conjur development environment up and running.
See "Next Steps" on that page to learn more about how you can apply Conjur's capabilities to your own environment.
- [ 2017-01-05 ] / Policy : Common Policy YML operations
- [ 2017-01-05 ] Reference / Policy Reference : Our new YAML format makes it convenient to define and maintain your policies and entitlements; this succeeds the Ruby DSL.
- [ 2016-12-21 ] Reference / Services / LDAP Authenticator : The LDAP Authenticator allows Conjur to use an existing LDAP service (such as Active Directory) to authenticate users.
- [ 2016-12-21 ] Reference / Services / LDAP Sync : LDAP Sync imports corporate Active Directory or POSIX LDAP structure into the Conjur environment.
- [ 2016-12-06 ] Server Setup / Tools / Evoke : A CLI toolkit for configuring and managing Conjur servers.
- [ 2016-12-06 ] Reference / Services / Health : Health check service