I want Help Understanding Conjur Authentication Methods

Secrets Management - Conjur, Secrets Hub & CP
1

Hey everyone,

I have been diving into CyberArk Conjur & while I understand the basics I am a bit stuck when it comes to authentication methods. I see that Conjur supports different ways to authenticate but I am not sure which method is best for different use cases.

if I have an application running in a Kubernetes cluster, should I be using the Kubernetes authenticator or is there a better approach? Also; how does authentication work when integrating Conjur with external services—such as if I wanted to connect it with a CI/CD pipeline or a cloud provider?

I came across a DevOps course that touched on Conjur but it did not go too deep into real-world use cases.

Also i have check this Alternate Authenticators for Conjur's UI? that is good.

Thank you… :blush:

2

From a security angle, its always wise to use platform authentication. Taking your example, for the workloads running inside kubernetes, its better to use kubernetes authentication which is either mTLS or JWT depends upon the environment or ease of management. The reason behind this is to eliminate secret zero problem.
Similarly, for the workloads running in Azure, explore azure authentication with managed identities. This would also help in eliminating secret zero problem.
If you ask me, API key based authentication would be my last resort.
In the end, its solely depends upon your environment and technology choice.