Conjur failover : Missing conjur_authenticator variable


We have configured to add multiple authenticators to the conjur container as an variable that will be placed under conjur.conf, however when there is a failover happening, the new elected master and the standby attached to it wipes out the added authenticator list ( CONJUR_AUTHENTICATORS) from the configuration and have only default authn, this is having major issue while the followers trying to contact the master.

Any idea how can this be fixed, we tried with as adding env variable while container build, however this is the not solution in case need to add a new, the complete container need to be rebuilt.

Appreciate your responses.


For anyone who is also interested: in version 12.0 this got solved by using possum.conf instead of conjur.conf.
They are both located under /opt/conjur/etc/ so please use possum.conf for variables, like CONJUR_AUTHENTICATORS, that require surviving a failover.

1 Like