Conjur OSS: How to define conjur server endpoint

Newbie to Conjur here! I’ve followed through the OSS quickstart guide as well as this tutorial; App and Secrets Enrollment Tutorial: Organizing Policy Management

Part of the quickstart guide made use of docker compose exec client conjur init -u https://proxy -a myConjurAccount --self-signed

where the url is https://proxy - is this something that I can change? Reason being, i’m trying to expose the service publicly so that I can make REST api calls via POSTMAN

Each time I try and make a cURL request like curl -d “{{apikey}}” -k https://proxy/authn/myConjurAccount/host%2Ffrontend%2Ffrontend-01/authenticate I get the following error: (6) Could not resolve host: proxy

Also, how can I deploy the docker image so that other users on my team can test creating their own secrets? Is there an extensible UI of sorts?

Please help! Thank you!

Hi @gregWorkatoo - thanks for trying Conjur!

where the url is https://proxy - is this something that I can change?

The Conjur OSS quick start guide is using Docker Compose to deploy a number of relevant services - the URL https://proxy is an internal address on the Docker network created for the project, accessible from services within the environment.

i’m trying to expose the service publicly so that I can make REST api calls via POSTMAN

Running curl commands that target https://proxy will work if they are run from inside a container in the same Compose environment. Otherwise, the proxy service has its port 443 mapped to host port 8443 - from Postman, replacing requests to https://proxy with requests to https://localhost:8443 should get the job done.

Also, how can I deploy the docker image so that other users on my team can test creating their own secrets?

The easiest path is probably to deploy the Conjur container to any cloud platform with Docker support - I don’t think we have any published guidance for these cases. I know the AWS Marketplace offers a Conjur Open Source AMI.

Is there an extensible UI of sorts?

Not with our open source offering - we offer a UI as part of Conjur Enterprise, but Conjur Open Source works through either its API or CLI.

Thanks John that did the trick!

For anyone else wondering; you’d first need to install the Postman desktop app in order for the requests to be sent to your conjur server that’s on your localhost;

We first need to get the conjurToken before we can retrieve the secret:

Here’s what the curl request would look like:

GET conjurToken:

curl --location 'https://localhost:8443/authn/myConjurAccount/host%2F{{host-name}}/authenticate' \
--header 'Accept-Encoding: base-64' \
--header 'Content-Type: text/plain' \
--data '{{apiToken created for your host}}'

Note: Even though i included Accept-Encoding: base-64 in the headers, the response I got looked something like: don’t panic, all you need to do is base-64 encode the entire json response to get the actual token value

{
    "protected": "eyJhxxxxx",
    "payload": "eyJzdWIixxxxx",
    "signature": "r1Gxxxx"
}

Retrieve Secret:

curl --location 'https://localhost:8443/secrets/myConjurAccount/variable/{{variableName}}' \
--header 'Authorization: Token token="ewogICxxxx"' '

If you’re unsure what the name of your variable is, you can always use

conjur list

Glad it’s working!

You should be able to resolve your encoded token issue by updating the Accept-Encoding header to base64, without the dash between base and 64. That should return your encoded token.