{"id":51423327,"url":"https://github.com/aslancarlos/appengine-java-conjur","last_synced_at":"2026-07-05T01:02:31.643Z","repository":{"id":263360849,"uuid":"890130941","full_name":"aslancarlos/appengine-java-conjur","owner":"aslancarlos","description":"Spring Boot application using GCP JWT to authenticate with Conjur Cloud via AUTHN-GCP.","archived":false,"fork":false,"pushed_at":"2026-05-28T00:55:05.000Z","size":30910,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-28T01:22:55.981Z","etag":null,"topics":["authn-gcp","conjur","federated-identity","gcp","jwt","machine-identity","spring-boot"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aslancarlos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-18T03:24:24.000Z","updated_at":"2026-05-28T00:53:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"ee80eb2c-9b4a-4a72-a7b2-8a6861745bca","html_url":"https://github.com/aslancarlos/appengine-java-conjur","commit_stats":null,"previous_names":["aslancarlos/appengine-java-conjur"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aslancarlos/appengine-java-conjur","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aslancarlos%2Fappengine-java-conjur","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aslancarlos%2Fappengine-java-conjur/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aslancarlos%2Fappengine-java-conjur/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aslancarlos%2Fappengine-java-conjur/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aslancarlos","download_url":"https://codeload.github.com/aslancarlos/appengine-java-conjur/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aslancarlos%2Fappengine-java-conjur/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35140190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authn-gcp","conjur","federated-identity","gcp","jwt","machine-identity","spring-boot"],"created_at":"2026-07-05T01:02:29.729Z","updated_at":"2026-07-05T01:02:31.563Z","avatar_url":"https://github.com/aslancarlos.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spring Boot Application with Conjur Authn-GCP Integration\n\nA Spring Boot application that authenticates to CyberArk Conjur Cloud using Google Cloud Platform identity tokens (`authn-gcp`). Instead of storing a long-lived Conjur API key, the app obtains a short-lived GCP JWT and trades it for Conjur access — a federated, zero-static-secret pattern suited for workloads running on GCP (App Engine, Cloud Run, GKE, Compute Engine).\n\n**Note**: This project is intended as a proof of concept and test for this integration. It does not have official support from CyberArk.\n\n## Features\n\n- **Spring Boot**: Utilizes the Spring Boot framework for building RESTful APIs.\n- **Conjur Integration**: Securely manages secrets using Conjur, an enterprise-grade secret management tool.\n- **Authn-GCP Authentication**: Authenticates with Conjur via Google Cloud Platform (GCP) using JSON Web Tokens (JWT).\n- **Environment-specific Secret Management**: Supports different environments for credential retrieval, allowing dynamic and secure configuration.\n\n## Prerequisites\n\n- Java 11 or higher\n- Maven 3.6 or higher\n- Google Cloud Platform account with the necessary IAM roles\n- Conjur configured with Authn-GCP integration\n\n## Getting Started\n\n### Clone the Repository\n```sh\ngit clone https://github.com/your-username/your-repository-name.git\ncd your-repository-name\n```\n\n### Configuration\n\n1. **Conjur Configuration**:\n   - Set up Conjur and enable the `authn-gcp` authenticator.\n   - Define the required policies and load the secrets.\n\n2. **Google Cloud Configuration**:\n   - Ensure that the GCP service account being used has the necessary permissions to generate identity tokens.\n   - Add the GCP service account to the Conjur policy to allow authentication.\n\n3. **Application Properties**:\n   - Update `src/main/resources/application.properties` with your configuration values.\n     ```properties\n     conjur.auth.url=https://your-conjur-instance/authn-gcp/your-account-name\n     conjur.secrets.url=https://your-conjur-instance/secrets/your-account-name/variable/\n     gcp.project-id=your-gcp-project-id\n     gcp.service-account-email=your-service-account-email\n     ```\n\n   - Replace the placeholders with your actual configuration values.\n\n### Building the Project\n\n```sh\nmvn clean install\n```\n\n### Running the Application\n\n```sh\nmvn spring-boot:run\n```\n\nThe application will start on port `8080` by default. You can access it at `http://localhost:8080/conjur`.\n\n## Usage\n\nOnce the application is running, it will authenticate with Conjur using the provided GCP JWT and retrieve the configured secrets.\n\n## Important Parameters to Update\n\nMake sure to update the following parameters before running the application:\n\n- Update the values of secrets in `ConjurController.java` to ensure the correct secret paths are used.\n- `conjur.auth.url`: The Conjur authentication URL, including the Authn-GCP endpoint.\n- `conjur.secrets.url`: The URL for accessing secrets in Conjur.\n- `gcp.project-id`: The Google Cloud project ID where the service account resides.\n- `gcp.service-account-email`: The email of the service account being used for authentication.\n\n## Troubleshooting\n\n- **Authentication Errors**: Make sure that the GCP service account has the correct permissions and that the Conjur policy allows it to authenticate.\n- **Secret Retrieval Errors**: Verify that the secret paths in Conjur are correct and that the application has the right permissions to access them.\n\n## Contributing\n\nContributions are welcome! Please fork this repository and open a pull request to propose any changes.\n\n## License\n\nThis project is licensed under the Apache License 2.0 — see the [LICENSE](LICENSE) file for details.\n\n## Contact\n\nIf you have any questions or need further assistance, feel free to contact us.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faslancarlos%2Fappengine-java-conjur","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faslancarlos%2Fappengine-java-conjur","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faslancarlos%2Fappengine-java-conjur/lists"}