I am trying to implement Conjur in my application. What I want to do is store users' secret data, like multiple email_ids password (one user can have multiple email accounts), in Conjur. I have seen that before storing a secret I have to specify a variable name and load that policy. So how can I dynamically add secrets only available for that created user in Conjur?
You would need to load a policy establishing the secret variables to start.
An example policy would be something like…
```yaml
---
- !policy
  id: username
  body:
    - &emails
      - !variable email1%40domain.com
      - !variable email2%40domain.com
      - !variable email3%40domain.com

    - !permit
      role: !user username
      privileges: [ read, execute ]
      resources: *emails
```
In Conjur, the secret variable path will be
I haven’t tried using a non-urlified @ before, so if that’s how you want it, I’d suggest giving it a test first.
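One way to produce the policy from the answer above for each new user at runtime, shown as an added example that is not part of the original thread and is not Conjur's own code. The function names `variable_id` and `build_user_policy` and the allowed character sets are assumptions; the strict validation is there because usernames and email addresses are user-supplied and are written straight into policy YAML.

```python
import re
from urllib.parse import quote

# Assumption: conservative allow-lists. Anything outside them (newlines,
# spaces, "!", ":" ...) could alter the structure of the generated policy.
_USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
_EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def variable_id(email: str) -> str:
    """Return the percent-encoded variable id for one email address."""
    if not _EMAIL_RE.fullmatch(email):
        raise ValueError(f"refusing to build a variable id from {email!r}")
    # safe="" encodes every reserved character, so "@" becomes "%40".
    return quote(email, safe="")


def build_user_policy(username: str, emails: list[str]) -> str:
    """Build the per-user policy text in the shape shown in the answer."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError(f"refusing to build a policy for {username!r}")
    if not emails:
        raise ValueError("at least one email address is required")
    ids = sorted({variable_id(e) for e in emails})  # de-duplicate
    lines = ["---", "- !policy", f"  id: {username}", "  body:", "    - &emails"]
    lines += [f"      - !variable {v}" for v in ids]
    lines += [
        "",
        "    - !permit",
        f"      role: !user {username}",
        "      privileges: [ read, execute ]",
        "      resources: *emails",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input.
    print(build_user_policy("alice", ["email1@domain.com", "email2@domain.com"]))
```

The returned text is what gets loaded as policy; the secret values themselves are set afterwards on each variable.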