I am trying to implement Conjur in my application. What I want to do is store users' secret data, like the passwords for multiple email IDs (one user can have multiple email accounts), in Conjur. I have seen that before storing a secret I have to specify a variable name and load that policy. So how can I dynamically add secrets that are only available to that created user in Conjur?
1 Like
You would need to load a policy establishing the secret variables to start.
An example policy would be something like…
```yaml
---
- !policy
  id: username
  body:
    - &emails
      - !variable email1%40domain.com
      - !variable email2%40domain.com
      - !variable email3%40domain.com
    - !permit
      role: !user username
      privileges: [ read, execute ]
      resources: *emails
```
In Conjur, the secret variable path will be username/email1%40domain.com
I haven’t tried using a non-urlified @ before, so if that’s how you want it, I’d suggest giving it a test first.
3 Likes
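As an added example (not part of the original posts, and not Conjur's own code), this is one way to generate the per-user policy shown in the answer from application data while keeping user-supplied text from injecting extra policy statements. The function names, the allowed-character rules and the sample addresses are assumptions made for illustration; loading the generated policy into Conjur is left to whichever client you already use.

```python
import re
from urllib.parse import quote

# Assumption: usernames start with a letter and use a conservative character
# set, so they can never carry newlines, YAML syntax or policy tags.
_USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,63}")
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Precaution: bare words a YAML 1.1 parser may read as booleans or null.
_YAML_RESERVED = {"true", "false", "null", "yes", "no", "on", "off"}


def variable_id(email: str) -> str:
    """Percent-encode an e-mail address for use as a variable id ('@' -> %40)."""
    if not _EMAIL_RE.fullmatch(email):
        raise ValueError(f"rejected e-mail address: {email!r}")
    return quote(email, safe="")  # safe="" so '/', '+', '%' are encoded too


def build_user_policy(username: str, emails: list[str]) -> tuple[str, list[str]]:
    """Return (policy_yaml, variable_paths) for one user's e-mail secrets."""
    if not _USERNAME_RE.fullmatch(username) or username.lower() in _YAML_RESERVED:
        raise ValueError(f"rejected username: {username!r}")
    # Encode, then de-duplicate while keeping the caller's order.
    ids = list(dict.fromkeys(variable_id(e) for e in emails))
    if not ids:
        raise ValueError("at least one e-mail address is required")
    lines = ["---", "- !policy", f"  id: {username}", "  body:", "    - &emails"]
    lines += [f"      - !variable {i}" for i in ids]
    lines += [
        "    - !permit",
        f"      role: !user {username}",
        "      privileges: [ read, execute ]",
        "      resources: *emails",
    ]
    # Variable paths follow the answer's form: <policy id>/<variable id>.
    return "\n".join(lines) + "\n", [f"{username}/{i}" for i in ids]


if __name__ == "__main__":
    # Constructed sample input.
    policy, paths = build_user_policy("alice", ["a@example.com", "b+x@example.com"])
    print(policy)
    print(paths)
```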