Migrating conjur data to new cojur instance (secrets sourced from PAM Vault)

senko · November 9, 2023, 3:47am

Hey Everyone - looking for some general ideas on how the current Conjur data can be migrated to a new Conjur instance with a new instance of PAM ?

To be more clear, let’s say customer A has a older PAM version with Conjur syncing the secrets from the PAM. Customer decides to spin up a new PAM vault with same data from old PAM with a new instance of conjur and replicate the secrets to conjur. I am convinced that the secrets can be easily synced through the Vault synchronizer to the new Conjur instance, however how do we solve the below challenges ?

How to replicate the authenticators ?
How to replicate the policies ?
How to replicate the workloads ?

ECD · December 4, 2023, 2:42pm

@senko,

Consider the following:

Q1: How to replicate the authenticators ?
A1: Consider preforming a (e.g., docker/podman exec evoke backup), followed by a restore on the newest version (may have to follow upgrade guidelines for Conjur Enterprise - do do an upgrade to each version in between current and future state), this should* contain all the variable data. You will then need to enable the authenticators (e.g., via conjur.yml)

Q2: How to replicate the policies ?
A2: Same as above.

Q3: How to replicate the workloads ?
A3: @senko - please explain.

Hope this helps,
E

Topic		Replies	Views
Concourse integration with DAP Conjur Enterprise howto	3	1432	August 1, 2022
Incorporating Conjur in Integration Test Suite Secrets Management - Conjur, Secrets Hub & CP	2	241	September 29, 2022
Obvious authn-k8s token question Secrets Management - Conjur, Secrets Hub & CP kubernetes	3	479	August 20, 2020
Conjur set-up and usage of credentials in springboot app Development	2	457	September 10, 2021
Conjur-OSS as a service hosted in dedicated kubernates cluster Secrets Management - Conjur, Secrets Hub & CP	3	202	January 26, 2023

Migrating conjur data to new cojur instance (secrets sourced from PAM Vault)

Related Topics