Open source secrets management and application identity for machine access across modern infrastructure
Other
- Ruby
- Gherkin
- Shell

About Conjur
Conjur provides secrets management and application identity for modern infrastructure. It is built to secure non-human access by managing identities, storing secrets, and controlling access with a policy model for humans and machines.
It uses Machine Authorization Markup Language (MAML) to define roles, privileges, and metadata. A REST web service manages identity lifecycles, organizes and searches roles and data, authorizes access to resources, and stores secrets for secure retrieval. It also includes built-in authenticators and rotators, plus support for custom authenticators and custom rotators.
Conjur runs in Docker containers with PostgreSQL as the backing data store and can use an external managed database such as AWS RDS. It supports multiple accounts in the same database and provides a migration path to CyberArk Secrets Manager, Self-Hosted. The server is licensed under LGPL v3.0, with commercial licenses also available from CyberArk.
Key features
- MAML policy language for roles, privileges, and metadata
- REST web service for identity lifecycle and access control
- Built-in and custom authenticators
- Built-in and custom rotators
- Stores secrets and encrypted keys in PostgreSQL
Details
- First released: 2016
- Self-hosting: Docker container(s) with PostgreSQL
- Database: PostgreSQL 15
- Deployment: Docker · external database
- Multi-tenancy: Multiple accounts per database
- Encryption: AES-256-GCM; encrypted keys in DB