2. DEFINE POLICY
8 min.
In this unit you will learn how to load your first policy.
Formatted in YAML, policy defines Conjur entities and the relationships between them. An entity can be a policy, a host, a user, a layer, a group, or a variable.
A sample application policy named BotApp.yml is provided in the client container under policy directory.
At the end of this section:
As a privileged user, you will load a policy that defines a human user, a non-human user that represents your application, and a variable.
Prerequisite
You have completed Unit 1.
Log in to Conjur as admin. When prompted for a password, insert the API key stored in the admin_data file:
docker-compose exec client conjur login -i adminVerification
When you successfully log in, the terminal returns:
Logged in
Load the provided sample policy into Conjur built-in root policy to create the resources for the BotApp:
docker-compose exec client conjur policy load -b root -f policy/BotApp.yml > my_app_dataConjur generates the following API keys and stores them in a file, my_app_data:
- An API key for Dave, the human user. This key is used to authenticate user Dave to Conjur.
- An API key for BotApp, the non-human identity. This key is used to authenticate BotApp application to Conjur.
Those API keys is correlated with the number of Users & Hosts defined in a policy.
Verification
The terminal returns:
Loaded policy 'root'
Log out of Conjur:
docker-compose exec client conjur logoutVerification
When you successfully log out, the terminal returns:
Logged out
