HOW CONJUR WORKS

Conjur manages the secrets required by applications and other non-human identities to gain access to critical infrastructure, data and other resources. Conjur secures this access by managing secrets with granular Role-Based Access Control (RBAC) and other security best practices and techniques. For example, when a containerized application requests access to a resource, Conjur securely authenticates the application by leveraging the native attributes of the container. Then if the application is authorized to access the resource within the RBAC policy, Conjur securely distributes the secret.

Conjur Technical Overview

Security policy as code is the foundation of Conjur. Security rules are written in .yml files, checked into source control, and loaded onto the Conjur server. Security policy is treated like any other source control asset, adding transparency and collaboration to the organization’s security requirements.

Conjur provides HTTPS web services, plus integration with existing tools and applications. Conjur services can be consumed by:

  • Direct protocol interaction. For example, cURL or ldapsearch
  • Client libraries for popular languages such as Ruby, Python, and Java
  • The Conjur command-line interface
  • Custom scripts and connectors
  • Conjur administrators who delegate authority over subsets of the infrastructure to other groups, or write custom scripts and  jobs to perform administrative functions such as key rotation

Conjur captures events related to authentication and access to Conjur secrets in an immutable audit trail. Reports of users, groups, machines, secrets, permissions, and system activity are always available using the Conjur API.