Does the Secretless Broker capability (of Conjur Open Source and DAP, the enterprise version) work with configuration management tools like Puppet, Ansible and Chef?
(this was a question from an attendee on the 9/5/19 Secretless Webinar which may be of interest to others)
How does Secretless Broker deal with downtime related to credential rotation (e.g., CPM delays for password change)? Would dual account concept apply here?
(this was a question from an attendee on the 9/5/19 Secretless Webinar which may be of interest to others)
When your CyberArk vault is configured to use dual accounts, Secretless continues to serve new and existing connection requests during rotation with virtually no downtime. Since Secretless does not store secrets in memory and retrieves new credentials with each new connection request, once the new set of creds is available it will automatically use them to open up any new connections.
If your configuration management tools have an API, you may be able to communicate with them via Secretless using our built-in basic auth-based HTTP connector (or soon, by helping us build an HTTP connector for your specific tool.
For other use cases, please let us know how you’d like to use it! We’re planning our roadmap now, and it includes extending support for deploying Secretless with applications in environments beyond Kubernetes and OpenShift - but if you are interested in using it another way, we would be glad to work with you.