How do I grant permission for a Jenkins host to secrets that were synced using Synchronizer?
My current environment:
Groups that were created with Synchronizer: Server01/Conjursync1/DAP_Sync2_dev-admins; Server01/ConjurSync1/DAP_Sync2_dev-consumers
I typically recommend having a safe per application.
In this case the jenkins host is the application.
So, to give the !host jenkins-frontend-dev/frontend-dev-01 the ability to read secrets from the safe, I would load the following policy:

    - !grant
      role: !group Server01/ConjurSync1/DAP_Sync2_Dev/delegation/consumers
      member: !host jenkins-frontend-dev/frontend-dev-01
If you want granular control of secrets and only want the jenkins host to have access to the secrets above, then load the following policy:

    - !permit
      role: !host jenkins-frontend-dev/frontend-dev-01
      privilege: [ read, execute ]
      resources:
        - !variable Server01/ConjurSync1/DAP_Sync2_Dev/Cloud Service-AWSAccessKeys-CyberarkUser1/username
        - !variable Server01/ConjurSync1/DAP_Sync2_Dev/Cloud Service-AWSAccessKeys-CyberarkUser1/password
Hopefully this answers your question. Please let me know if you have any other questions.
If I was able to answer your question, could you please mark my response as solved?
Thanks a bunch,