View pipeline.yml
---
jobs:
- name: job-hello-world
  public: true
  plan:
  - task: hello-world
    config:
      platform: linux
      image_resource:
        type: docker-image
View department-aws.yml
- !policy
  id: department/aws
  annotations:
    platform: aws
    department: tableau-server-dev
  body:
  - &secrets
    - !variable department/aws/access-key-id
    - !variable department/aws/secret-access-key
View install-pivotal.md
View conjur-rbac.yml
########
# USERS POLICY EXAMPLE
########
---
- !user ted # no group
- !user carol # developer
- !user bob # devops
- !user alice # sec_ops
- !group developers
View conjur-orchestrated.md

CyberArk Conjur - Orchestrated Mini-Cluster

Conjur Master

############################
conjur_master_up() {
  echo "-----"
  if [[ "$(docker images conjur-appliance:latest | grep conjur-appliance)" == "" ]]; then
  	if [[ "$CONJUR_CONTAINER_TARFILE" == "" ]]; then
View conjur-rotator.md

CyberArk Conjur - Secrets Rotation

Policy Showing AWS Secret Key Rotator

aws-policy.yml
 - !policy
   id: aws
   body:
View conjur-securelogs.md

CyberArk Conjur - Secure Logs

All audit data recorded by CyberArk Conjur is kept within the Conjur Master and is immutable. You can view audit data through the Conjur UI, the Conjur CLI, or syslog forwarding to a SIEM.

Audit Logs via CLI

# View the last 10 audit events for the variable 'dev/mongo/password'
$ conjur audit resource -s -l 10  variable:dev/mongo/password
[2015-12-04 22:09:19 UTC] conjur:host:dev/mongo001 checked that they can
View conjur-triggerha.md

CyberArk Conjur High-Availability (Manual Demo)

CyberArk Conjur Enterprise Edition v4.9.16.0 and later include automated failover with automated cluster self-healing.

To trigger a failover and recover manually, this is how it would be done.

###########################
kill_master() {
	printf "\n-----\nKilling current master...\n"
View conjur-revocation.yml
##########
# CyberArk Conjur Policy permitting access to secrets
##########
---
- !policy
  id: webapp1
  owner: !group devops
  body:
  - &variables
    - !variable database_password
View conjur-machineidentity.md

CyberArk Conjur - Machine Identity

Conjur CLI

$ conjur host create namespace/hostid
{
  "id": "hostid",
  "userid": "admin",
  "created_at": "2015-02-05T19:26:23Z",