Setting CONJUR_AUTHENTICATORS in docker-compose.yml


This is like a very obvious quick fix for someone. I cannot set the authenticators following the guide here.

I’m spinning up using the docker-compose method, which works fine, except whatever I set for CONJUR_AUTHENTICATORS seems to be completely ignored. I can set it to anything, including random strings, but the log in the container never changes.

Here’s a snippet:

image: cyberark/conjur:latest
command: server -a cucumber
PORT: 3000
DATABASE_URL: postgres://postgres@postgres/postgres
CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA="

Is this the incorrect method? Would I do the same in a Helm deployment into Kubernetes?

Thanks in advance,

Hey Lee,

You’re following our CyberArk DAP documentation for enterprise. If you’re using Conjur, our OSS, you’ll want to use those docs.

Here’s a direct link on how to handle CONJUR_AUTHENTICATORS for Conjur:

Currently, you are listing authn-k8s without a service ID. Add that on and you should be golden.


Hey @leighcee,
I believe you are using the variables correctly but the authn-k8s authenticator needs an ID appended to it like this:

  - DATABASE_URL: postgres://postgres@postgres/postgres
  - CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA="
  - CONJUR_AUTHENTICATORS: "authn,authn-k8s/my_authenticator_id"

Let me know if that doesn’t work,
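
Added example, not part of the original thread and not CyberArk's code: a pre-deploy check that reads compose-style environment lines and flags a CONJUR_AUTHENTICATORS value where authn-k8s lacks the service ID described above. The helper names, the accepted entry shape and the sample input are assumptions made for illustration.

```python
import re

# Assumption taken from the replies above: "authn" is listed bare, while
# "authn-k8s" must be written as "authn-k8s/<service-id>".
NEEDS_SERVICE_ID = {"authn-k8s"}
CURLY = "\u201c\u201d\u2018\u2019"
ENV_LINE = re.compile(r"^\s*(?:-\s*)?([A-Z][A-Z0-9_]*)\s*[:=]\s*(.*?)\s*$")
# Assumed entry shape: authn or authn-<type>, optionally followed by /<id>.
ENTRY = re.compile(r"^(authn(?:-[a-z0-9]+)*)(?:/([A-Za-z0-9_.-]+))?$")


def parse_env(text):
    """Collect KEY: value / KEY=value pairs from compose environment lines."""
    env = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m:
            env[m.group(1)] = m.group(2)
    return env


def check_authenticators(env):
    """Return a list of problems with CONJUR_AUTHENTICATORS in env."""
    raw = env.get("CONJUR_AUTHENTICATORS")
    if raw is None:
        return ["CONJUR_AUTHENTICATORS is not set in this environment block"]
    problems = []
    if any(c in raw for c in CURLY):
        # YAML only treats ' and " as quotes; curly ones stay in the value.
        problems.append("curly quotes would become part of the value")
    for entry in raw.strip("\"' " + CURLY).split(","):
        entry = entry.strip()
        m = ENTRY.match(entry)
        if not m:
            problems.append(f"malformed entry: {entry!r}")
        elif m.group(1) in NEEDS_SERVICE_ID and not m.group(2):
            problems.append(f"{m.group(1)} has no service ID")
    return problems


# Constructed sample input, modelled on the snippets in this thread.
BAD = """
  - DATABASE_URL: postgres://postgres@postgres/postgres
  - CONJUR_AUTHENTICATORS: "authn,authn-k8s"
"""
GOOD = BAD.replace("authn-k8s", "authn-k8s/my_authenticator_id")

if __name__ == "__main__":
    for name, text in (("bad", BAD), ("good", GOOD)):
        print(name, check_authenticators(parse_env(text)))
```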


You’ll also want to re-generate a new CONJUR_DATA_KEY value, as well.

Thanks Joe.

Sorry, I’d pasted the wrong link! I’d actually followed the OSS docs and tried with a service ID and it didn’t work. I’ll try again.

To be honest, I’m close to giving up as things just don’t happen like the docs. For example, I cannot find out how to verify the k8s authenticator is up and running - Setting up a status webservice hasn’t worked for me.


Thanks again Srdjan, really appreciated.

I’d actually tried with an ID with no joy. The subsequent webservice instructions look simple, and I am sure I’ve followed them correctly, but looks like the authenticator is not working:

curl -H "$(conjur authn authenticate -H)" --cacert /home/lee/conjur-default.pem
Errors::Authentication::StatusNotImplemented: CONJ00056E Status check not implemented for authenticator

The docs mention a plugin a few times but I’m not sure if this needs to be separately installed. The conjur client also has a “plugin list” command but this returns nothing.

Please let me know what info I can add here - I’m stuck :frowning:

Kind regards,

Hi @sgnn7 and @joe.garcia,

Turns out I can’t read… I spent two days trying to set up a webservice to view the status of my k8s authenticator, but have just noticed here that:

Supports: OIDC Authenticator; Azure Authenticator

So looks like I have been wasting my time! I’ll go through the rest of the guide and try and get end-to-end k8s authentication working using the sidecar method. I suspect I might have to get in touch again, so thanks in advance.

Thanks again,

Hey @leighcee,
Oh I see what you’re talking about. Yeah, I believe that authn-k8s is supported in Conjur OSS but the status page isn’t.

With that said, in the enterprise AAM/DAP product built on Conjur OSS, there is a health page (though our docs seem out of date there) for status of all authenticators (e.g. installed/configured/enabled) but Conjur OSS does not have that OOTB right now. There is some work being done on that per-authenticator but I’m not aware of its current progress since I don’t work in that area of code.

