How can I dynamically add secrets only available for that created user in Conjur

I am trying to implement Conjur in my application. What I want to do is store users' secret data, like multiple email IDs and passwords (one user can have multiple email accounts), in Conjur. I have seen that before storing a secret I have to specify a variable name and load that policy. So how can I dynamically add secrets only available for that created user in Conjur?

1 Like

You would need to load a policy establishing the secret variables to start.

An example policy would be something like…

---
- !policy
  id: username
  body:
    - &emails
      - !variable email1%40domain.com
      - !variable email2%40domain.com
      - !variable email3%40domain.com

    - !permit
      role: !user username
      privileges: [ read, execute ]
      resources: *emails

In Conjur, the secret variable path will be username/email1%40domain.com.

I haven't tried using a non-URL-encoded @ before, so if that's how you want it, I'd suggest giving it a test first.

3 Likes
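To generate the per-user policy from the answer above at runtime rather than by hand, here is an added example (not from the thread or from CyberArk): it emits the same nested policy structure for any user and list of e-mail accounts, and builds the Conjur REST requests for loading the policy and storing a password. It assumes the user (`!user username`) already exists in Conjur, that the policy is appended under the root policy (the identity doing the load needs `update` on that parent policy), and that the `/policies` and `/secrets` endpoint paths of the Conjur REST API are in use; `account`, `alice` and the e-mail addresses are constructed sample values.

```python
"""Per-user Conjur policy generation (added example, not from the original thread).
Assumes Python 3.9+, no third-party packages, and the Conjur REST
/policies and /secrets endpoints; no request is actually sent here."""
from urllib.parse import quote


def variable_id(email: str) -> str:
    """Encode an e-mail address as a Conjur variable id ('@' becomes '%40')."""
    return quote(email, safe="")


def variable_path(username: str, email: str) -> str:
    """Fully qualified variable id: <policy id>/<variable id>."""
    return f"{username}/{variable_id(email)}"


def user_policy(username: str, emails: list) -> str:
    """Build the YAML for a nested policy holding one variable per e-mail account.
    Only the named user gets read+execute on those variables, nothing more."""
    if not username or "/" in username or username.strip() != username:
        raise ValueError("username must be a single, non-empty path segment")
    if not emails:
        raise ValueError("at least one e-mail account is required")
    lines = ["---", "- !policy", f"  id: {username}", "  body:", "    - &emails"]
    lines += [f"      - !variable {variable_id(e)}" for e in emails]
    lines += [
        "",
        "    - !permit",
        f"      role: !user {username}",
        "      privileges: [ read, execute ]",
        "      resources: *emails",
    ]
    return "\n".join(lines) + "\n"


def load_policy_request(account: str, username: str, emails: list) -> tuple:
    """(method, path, body) to append the policy under the root policy.
    POST adds resources without deleting existing ones, so re-running it for a
    user who gained an e-mail account only adds that one variable."""
    return ("POST", f"/policies/{account}/policy/root", user_policy(username, emails))


def set_secret_request(account: str, username: str, email: str, value: str) -> tuple:
    """(method, path, body) to store one password. The variable id is URL-encoded
    again for the URL path: '/' becomes %2F and the '%' of %40 becomes %25."""
    encoded = quote(variable_path(username, email), safe="")
    return ("POST", f"/secrets/{account}/variable/{encoded}", value)
```

Send the returned path with the usual `Authorization: Token token="..."` header obtained from the authenticate endpoint; the double encoding in `set_secret_request` is the step most often got wrong when the id contains `%40`.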