Secrets-Management

About a month ago, a new release of Conjur Enterprise was launched—now at version 13.4, bringing exciting new features to the product! Here are my top three favorites, though there are many more updates, which you can find here: Sync of empty safes from Vault: This is essential for managing policy creation through automation. Dynamic application configuration: It is now possible to modify various Conjur configuration parameters that previously had to be set when creating the container. Now, they are all included in the usual conjur.yml. Extended ESO support: The External Secrets Operator can now use regex in findByName and findByTags. As has been the case for several releases, I’d like to reiterate that CyberArk’s development of Conjur is moving quickly, and with each release, the product becomes more and more complete. ...

One week ago, CyberArk released another update for Conjur Enterprise, which has now reached version 13.2—definitely another step in the right direction! This release includes the usual bug fixes, expands Conjur’s integrations (for example, OpenShift 4.14 is now supported), and, most importantly, adds two exciting new features: CyberArk Vault Synchronizer high availability support Enhanced Conjur support for the Container Storage Interface (CSI) driver Synchronizer high availability enhances Conjur’s disaster recovery (DR) strategy. It is now possible to set up a “passive” Synchronizer in a DR site that is aware of the status of the primary Synchronizer and can take over in case of a failure. ...

A couple of weeks ago, CyberArk released a new and interesting version of Conjur: 13.1. This point release is really interesting because it brings important under-the-hood updates that aim to increase the resiliency of followers. If you want to read more about this release, please check out the article I wrote on the SIGHUP blog.

During the previous days, CyberArk has released version 13.0 of Conjur Enterprise. What’s new? Who should consider upgrading, and why? I’ve published an article on these topics here on the SIGHUP blog.

As you may know, one of the key components of the CyberArk Conjur architecture is the Synchronizer, which is required to receive secrets from the Vault. Last week, I took charge of an abandoned Synchronizer version 11.7 that had not been working for some time and also needed to be upgraded to the latest 12.7 release. After completing the upgrade (check this link for the steps), the Windows service failed to start, and the log contained the following error: ...

During the past few weeks, I have described what a secrets manager is and provided an overview of the architecture and system requirements of CyberArk Conjur. A secrets manager can’t do its job if it can’t communicate with those who need to request secrets, and that’s where Conjur’s magic comes in! The “authenticators” are responsible for the authentication process in Conjur and are specialized to do this in the most secure way, depending on the service. Here is the list of authenticators currently supported: ...

Security is always a complex topic to address, as an error or omission in processes can lead to serious economic or reputational damage for a company. When we talk about “secrets,” consider the following examples: Usernames Database passwords SSL certificates and keys SSH keys Cloud credentials Simply reading through this list helps to explain why this topic needs to be considered and handled carefully. Some common bad practices or risks include: ...

Hello there! How are you? I’m really good! As you may have seen on my social media, starting from the 16th of May, I’ve begun a new position as Senior DevSecOps at SIGHUP. I’m really excited about this new opportunity, and I’m writing this post because it will also have an effect on this blog’s focus. The topics will shift from previous subjects to cloud-native infrastructure security, starting with tools like CyberArk Conjur. The previous content on this blog will remain here forever. I believe it could be helpful for some time, and I also want to honor my HCL Ambassador role. ...