infamousjoeg/conjur-revocation.yml

## conjur-revocation.yml
##########
# CyberArk Conjur Policy permitting access to secrets
##########
---
- !policy
  id: webapp1
  owner: !group devops
  body:
  - &variables
    - !variable database_password

  - !layer

  - !host tomcat_host

  - !grant
    role: !layer
    member: !host tomcat_host

  - !permit
    role: !layer
    privileges: [ read, execute ]
    resource: *variables

##########
# CyberArk Conjur Policy denying access to secrets
##########
---
- !policy
  id: webapp1
  owner: !group devops
  body:
  - &variables
    - !variable database_password

  - !layer

  - !host tomcat_host

  - !grant
    role: !layer
    member: !host tomcat_host

  - !deny
    role: !layer
    privileges: [ read, execute ]
    resource: *variables
	##########
	# CyberArk Conjur Policy permitting access to secrets
	##########
	---
	- !policy
	id: webapp1
	owner: !group devops
	body:
	- &variables
	- !variable database_password

	- !layer

	- !host tomcat_host

	- !grant
	role: !layer
	member: !host tomcat_host

	- !permit
	role: !layer
	privileges: [ read, execute ]
	resource: *variables

	##########
	# CyberArk Conjur Policy denying access to secrets
	##########
	---
	- !policy
	id: webapp1
	owner: !group devops
	body:
	- &variables
	- !variable database_password

	- !layer

	- !host tomcat_host

	- !grant
	role: !layer
	member: !host tomcat_host

	- !deny
	role: !layer
	privileges: [ read, execute ]
	resource: *variables