Conjur

About a month ago, a new release of Conjur Enterprise was launched—now at version 13.4, bringing exciting new features to the product! Here are my top three favorites, though there are many more updates, which you can find here: Sync of empty safes from Vault: This is essential for managing policy creation through automation. Dynamic application configuration: It is now possible to modify various Conjur configuration parameters that previously had to be set when creating the container. Now, they are all included in the usual conjur.yml. Extended ESO support: The External Secrets Operator can now use regex in findByName and findByTags. As has been the case for several releases, I’d like to reiterate that CyberArk’s development of Conjur is moving quickly, and with each release, the product becomes more and more complete. ...

One week ago, CyberArk released another update for Conjur Enterprise, which has now reached version 13.2—definitely another step in the right direction! This release includes the usual bug fixes, expands Conjur’s integrations (for example, OpenShift 4.14 is now supported), and, most importantly, adds two exciting new features: CyberArk Vault Synchronizer high availability support Enhanced Conjur support for the Container Storage Interface (CSI) driver Synchronizer high availability enhances Conjur’s disaster recovery (DR) strategy. It is now possible to set up a “passive” Synchronizer in a DR site that is aware of the status of the primary Synchronizer and can take over in case of a failure. ...

A couple of weeks ago, CyberArk released a new and interesting version of Conjur: 13.1. This point release is really interesting because it brings important under-the-hood updates that aim to increase the resiliency of followers. If you want to read more about this release, please check out the article I wrote on the SIGHUP blog.

During the previous days, CyberArk has released version 13.0 of Conjur Enterprise. What’s new? Who should consider upgrading, and why? I’ve published an article on these topics here on the SIGHUP blog.

CyberArk Conjur is released as an appliance and distributed as container images to enable fast, error-free setup. The supported container runtimes include: Docker 20.10 or later Mirantis Container Runtime 20.10 Podman 3.x, 4.x While working with multiple Conjur environments in our labs and at customer sites, we noticed that log rotation (for Conjur, Nginx, cluster, etc.) did not function correctly on Podman, although it worked as expected on Docker. After some investigation with the excellent CyberArk support team, we identified the solution: ...

During our work with a CyberArk Conjur environment, we encountered strange behavior during the Conjur follower setup. The setup process on the follower would start, the seed was received, imported, and expanded, but after a few more steps, the process would hang and end with a generic “System Error.” After displaying the error message, the Conjur follower would restart. We performed troubleshooting inside the Conjur Follower pod and verified that the follower could connect to the Conjur API leader successfully, but it was unable to connect to the Postgres database and complete the initial replication. ...

During the past few weeks, I have described what a secrets manager is and provided an overview of the architecture and system requirements of CyberArk Conjur. A secrets manager can’t do its job if it can’t communicate with those who need to request secrets, and that’s where Conjur’s magic comes in! The “authenticators” are responsible for the authentication process in Conjur and are specialized to do this in the most secure way, depending on the service. Here is the list of authenticators currently supported: ...

As I wrote in my last post, CyberArk Conjur is an enterprise secrets manager. , CyberArk Conjur is an enterprise secrets manager. In this post, I’ll provide an architecture overview along with the main system requirements. Conjur is currently available in two versions: Enterprise and open source (known as OSS). A “cloud” version will be available soon, offered as a SaaS solution. This post focuses on the Enterprise version, which is similar but not identical to the OSS version. ...

Security is always a complex topic to address, as an error or omission in processes can lead to serious economic or reputational damage for a company. When we talk about “secrets,” consider the following examples: Usernames Database passwords SSL certificates and keys SSH keys Cloud credentials Simply reading through this list helps to explain why this topic needs to be considered and handled carefully. Some common bad practices or risks include: ...