WHY CONJUR
Conjur is an open source programmatic interface for securely authenticating, controlling, and auditing non-human access across tool stacks, platforms, and cloud environments via robust secrets management. Conjur helps organizations implement secrets management best practices including strong authentication, least privilege, role-based access control (RBAC), credential rotation, management, and audit.
Unify Auditing and Policy Across Tools, Applications, Containers, and Clouds
Conjur provides a consistent programmatic interface that simplifies application development by offering a centralized platform for secrets management and controlling access to non-human identities. Developers can more easily secure, audit, store, and fetch secrets across CI/CD tool stacks, containerization and cloud platforms, spending less time learning secrets management tools and more time delivering value.
Secure and Authenticate Containers Natively
Establishing a strong non-human identity is the most important step in securing secrets and the access they provide. If a container requesting secrets can’t be authenticated, then it shouldn’t be authorized, so it is important that this process is as strong as possible. Conjur authenticates clients and issues strong non-human identity to containerized applications running on Kubernetes, OpenShift, Cloud Foundry and Pivotal Cloud Foundry.
Consistently Control Access for Non-human Identities
Conjur enables organizations to consistently enforce security policies for non-human identities by offering a centralized platform for secrets management and access control, which spans tools, applications, container platforms, CI/CD pipelines, and hybrid and multi-cloud environments. Conjur eliminates the security islands created by the individual tools and cloud providers, each of which offers varying degrees of secrets management functionality and is unable to securely share secrets with the others or natively integrate with the various platforms.
Isolate Secrets From Applications
Conjur open source offers the Secretless capability, which isolates secrets from the application layer, enabling applications to securely connect to protected services and resources without fetching, managing, or handling secrets.
The Secretless Broker capability reduces the application attack surface by eliminating the possibility of applications inadvertently leaking secrets to logs, while also reducing application development complexity related to secrets management.