PKI host certificates are issued through the Conjur API

Hi Conjur Team,

I was looking for ways to store encryption key (SSL, PEM, etc.) files in Conjur. While I did not find much information on that yet, I ran into a couple of GitHub links that talk about Conjur CA services.

Can you please take a look and suggest if there is a feature available for application-application auth using CA?
Also, looking for your input on storing and retrieving the encryption keys and other files into Conjur.

Thanks in advance
Vamsi M.
Tableau/Salesforce

Hi @vmaddirala ,

For application-application authentication using CA, can you please take a look at this example
to see if it’s similar to what you’re trying to set up:

You should be able to store SSL, pem etc. files directly as variables in Conjur. To write certificate files using the Conjur CLI, you can cat the certificate file, e.g. something like this:

conjur variable values add ssl/certs/private "$(cat example_com.key)"

If you are using Summon to retrieve the certificates, you would likely want to have Summon retrieve the key/certificate into a local temp file using the file syntax in your secrets.yml file:

SSL_CERT: !var:file ssl/certs/private

as described here

Sometimes there are issues in passing the multiline certificates, for example if you’re using .env files. If this is the case, you may want to base64 encode the values before loading into Conjur, and then base64 decode the values after reading back from Conjur. Using base64 encoding converts the multiline key/certificate into a convenient single line value (that can later be base64 decoded back to the original multiline value).

Hope this helps,
Dane

2 Likes
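
The base64 round-trip described in the reply above, as an added example that is not part of the original posts. The function names are hypothetical, the PEM body is constructed sample text rather than a real key, and `base64 -d` assumes GNU coreutils.

```shell
# Added example: carry a multiline PEM as a single-line base64 value.
# Function names are hypothetical; the PEM body below is constructed.
# Assumes GNU coreutils base64 (-d to decode).

# Encode a PEM file as one line with no embedded newlines.
pem_to_single_line() {
    base64 < "$1" | tr -d '\n'
}

# Decode a single-line value from stdin into a new owner-only temp file
# and print its path. Returns non-zero if the input is not valid base64.
single_line_to_pem_file() {
    out=$(mktemp) || return 1
    chmod 600 "$out"
    if ! base64 -d > "$out" 2>/dev/null; then
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# Round trip: encode, (store and read back), decode, compare byte for byte.
roundtrip_demo() {
    src=$(mktemp) || return 1
    cat > "$src" <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDSAMPLEBODYLINE1NOTAREALKEY
CONSTRUCTEDSAMPLEBODYLINE2NOTAREALKEY
-----END PRIVATE KEY-----
EOF
    encoded=$(pem_to_single_line "$src")
    # Store step, using the command form from the reply above:
    #   conjur variable values add ssl/certs/private "$encoded"
    # After reading the value back from Conjur, decode it before use:
    restored=$(printf '%s' "$encoded" | single_line_to_pem_file) || { rm -f "$src"; return 1; }
    rc=0
    cmp -s "$src" "$restored" || rc=1
    rm -f "$src" "$restored"
    return $rc
}

roundtrip_demo && echo "round-trip OK"
```

base64 here is only a transport encoding for the multiline value; the decoded file is the key itself, which is why it is written with owner-only permissions and removed after use.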

Thank you so much for the response. That looks like a great match for our requirement.

Thanks
Vamsi.
