{"id":13805605,"url":"https://github.com/cyberark/conjur","last_synced_at":"2025-10-24T02:15:58.359Z","repository":{"id":37782971,"uuid":"62174977","full_name":"cyberark/conjur","owner":"cyberark","description":"CyberArk Conjur automatically secures secrets used by privileged users and machine identities","archived":false,"fork":false,"pushed_at":"2025-02-19T20:40:01.000Z","size":27114,"stargazers_count":813,"open_issues_count":225,"forks_count":127,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-04-06T14:04:50.913Z","etag":null,"topics":["conjbot-notify","conjur","conjur-cloud","core","dap","machine-identity","secret-distribution","secret-management","secrets"],"latest_commit_sha":null,"homepage":"https://conjur.org","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-06-28T21:18:07.000Z","updated_at":"2025-04-01T11:59:39.000Z","dependencies_parsed_at":"2022-08-08T22:01:02.151Z","dependency_job_id":"2116d3d1-ca2b-4fc4-b4e0-f881bf1b0b04","html_url":"https://github.com/cyberark/conjur","commit_stats":{"total_commits":2679,"total_committers":107,"mean_commits":"25.037383177570092","dds":0.8335199701381113,"last_synced_commit":"40401f4f910a2a1dff6cfbbfc0141e8b7f411fa9"},"previous_names":[],"tags_count":341,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/conjur/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248749752,"owners_count":21155678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["conjbot-notify","conjur","conjur-cloud","core","dap","machine-identity","secret-distribution","secret-management","secrets"],"created_at":"2024-08-04T01:01:02.965Z","updated_at":"2025-10-24T02:15:58.282Z","avatar_url":"https://github.com/cyberark.png","language":"Ruby","funding_links":[],"categories":["Secret Management","Account Management"],"sub_categories":[],"readme":"# Conjur\n\n[![Conjur on DockerHub](https://img.shields.io/docker/pulls/cyberark/conjur.svg)](https://hub.docker.com/r/cyberark/conjur/)\n[![Maintainability](https://api.codeclimate.com/v1/badges/3754a79b22b9430040ba/maintainability)](https://codeclimate.com/github/cyberark/conjur/maintainability)\n[![Test Coverage](https://api.codeclimate.com/v1/badges/3754a79b22b9430040ba/test_coverage)](https://codeclimate.com/github/cyberark/conjur/test_coverage)\n\n[![CyberArk Commons - ask](https://img.shields.io/badge/CyberArk%20Commons-ask-e01563.svg)][commons]\n[![Follow Conjur on Twitter](https://img.shields.io/twitter/follow/conjurinc.svg?style=social\u0026label=Follow%20%40ConjurInc)][twitter]\n\n[commons]: https://discuss.cyberarkcommons.org/c/conjur/5 \"Find answers on CyberArk Commons\"\n[twitter]: https://twitter.com/intent/user?screen_name=ConjurInc \"Follow Conjur on Twitter\"\n\nConjur provides secrets management and application identity for modern infrastructure:\n\n* **Machine Authorization Markup Language (\"MAML\")**, a role-based\n  access policy language to define system components \u0026 their roles,\n  privileges and metadata\n* **A REST web service** to:\n  * manage identity life cycles for humans and machines\n  * organize and search roles and data in your secrets infrastructure\n  * authorize access to resources using a sophisticated permission model\n  * store secrets and make them available securely\n* **Integrations** throughout the cloud toolchain:\n  * infrastructure as a service (IaaS)\n  * configuration management\n  * continuous integration and deployment (CI/CD)\n  * container management and cloud orchestration\n\n_Note: our badges and social media buttons never track you._\n\n- [Getting Started](#getting-started)\n  * [Compatibility](#compatibility)\n- [Community Support](#community-support)\n- [Migrating to Conjur EE](#migrating-to-conjur-ee)\n- [Architecture](#architecture)\n  * [Database](#database)\n    + [DATABASE_URL environment variable](#database-url-environment-variable)\n    + [Database initialization](#database-initialization)\n  * [Authenticators](#authenticators)\n  * [Rotators](#rotators)\n  * [Secrets and keys](#secrets-and-keys)\n    + [Important: avoid data loss](#important--avoid-data-loss)\n  * [Account management](#account-management)\n- [Versioning](#versioning)\n- [Contributing](#contributing)\n- [License](#license)\n\n\u003csmall\u003e\u003ci\u003e\u003ca href='http://ecotrust-canada.github.io/markdown-toc/'\u003eTable of contents\ngenerated with markdown-toc\u003c/a\u003e\u003c/i\u003e\u003c/small\u003e\n\n\n## Getting Started \n\nPlease refer to our [Quick Start Guide](https://www.conjur.org/get-started/quick-start/oss-environment/) for detailed information on using Conjur Open Source for the first time, or, refer to the \n[Conjur docs](https://docs.conjur.org/Latest/en/Content/Resources/_TopNav/cc_Home.htm) for specific guides relating to setup, integrations, administration, and more.\n\n### Compatibility \n\nWe **strongly** recommend choosing the version of this project to use from the latest [Conjur Open_Source \nsuite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html). \nConjur maintainers perform additional testing on the suite release versions to ensure \ncompatibility. When possible, upgrade your Conjur version to match the \n[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm); \nwhen using integrations, choose the latest suite release that matches your Conjur version.\n\nWhen upgrading your Conjur server running in a Docker Compose environment to the\nlatest suite release version, please review the\n[upgrade instructions](./UPGRADING.md). For any questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).\n\n## Community Support\n\nOur primary channel for support is through our CyberArk Commons community\n[here][commons]\n\n## Migrating to Conjur EE\n\nMigrating data from Conjur Open Source to Conjur EE is simple using our\n[migration guide][migration]\n\n[migration]: design/MIGRATION.md\n\n## Architecture\n\nConjur is designed to run in a Docker container(s), using Postgresql as the\nbacking data store. It's easy to run both Conjur and Postgresql in Docker; see\nthe `demo` directory for an example.\n\n### Database\n\n#### DATABASE_URL environment variable\n\nConjur uses the `DATABASE_URL` environment variable to connect to the database.\nTypical options for this URL are:\n\n* Local linked `pg` container\n* External managed database such as AWS RDS.\n\n#### Database initialization\n\nConjur creates and/or updates the database schema automatically when it starts\nup. Migration scripts are located in the `db/migrate` directory.\n\n### Authenticators\n\nConjur makes it easy to:\n\n- Enable and disable built-in authenticators\n- Secure access to authenticators using policy files\n- Create custom authenticators\n\n[Detailed authenticator design documentation](design/authenticators/AUTHENTICATORS.md)\n\n### Rotators\n\nConjur makes it easy to:\n\n- Rotate variables regularly using built-in rotators\n- Create custom rotators\n\n[Detailed rotator design documenation](design/ROTATORS.md)\n\n### Secrets and keys\n\nMain article: [Conjur Cryptography](https://docs.conjur.org/Latest/en/Content/Get%20Started/cryptography.html)\n\nConjur uses industry-standard cryptography to protect your data.\n\nSome operations require storage and management of encrypted data. For example:\n\n* Roles can have associated API keys, which are stored encrypted in\n  the database\n* the `authenticate` function issues a signed JSON token; the signing key is a\n  2048 bit RSA key which is stored encrypted in the database\n\nData is encrypted in and out of the database\nusing [Slosilo](https://github.com/conjurinc/slosilo), a library which provides:\n\n* symmetric encryption using AES-256-GCM\n* a Ruby class mixin for easy encryption of object attributes into the database\n* asymmetric encryption and signing\n* a keystore in a Postgresql database for easy storage and retrieval of keys\n\nSlosilo has been verified by a professional cryptographic audit. Ask in our\nCyberArk Commons community for more details. (You can join [here][commons].)\n\n#### Important: avoid data loss\n\nWhen you start Conjur, you must provide a Base64-encoded master data key in the\nenvironment variable `CONJUR_DATA_KEY`. You can generate a data key using the\nfollowing command:\n\n```\n$ docker run --rm conjur data-key generate\n```\n\nDo NOT lose the data key, or all the encrypted data will be unrecoverable.\n\n### Account management\n\nConjur supports the simultaneous operation of multiple separate accounts within\nthe same database. In other words, it's multi-tenant.\n\nEach account (also called \"organization account\") has its own token-signing\nprivate key. When a role is authenticated, the HMAC of the access token is\ncomputed using the signing key of the role's account.\n\nAccounts can be listed, created, and deleted via the `/accounts` service.\nPermission to use this service is controlled by the built-in resource\n`!:webservice:accounts`. Note that `!` is itself an organization account, and\ntherefore privileges on the `!:webservice:accounts` can be managed\nvia Conjur [policies](https://docs.conjur.org/Latest/en/Content/Operations/Policy/policy-overview.htm).\n\n## Versioning\n\nStarting from version 0.1.0, this project follows\n[Semantic Versioning](http://semver.org/spec/v2.0.0.html).\n\n## Contributing\n\nIf you’re interested in running Conjur locally and learning about how it works,\nplease see our [Contributing Guide](./CONTRIBUTING.md). It includes helpful\ninstructions for Conjur development and debugging, including:\n- [Development prerequisites](./CONTRIBUTING.md#prerequisites)\n- [Building Conjur as a Docker image](./CONTRIBUTING.md#build-conjur-as-a-docker-image)\n- [Setting up a local development environment](./CONTRIBUTING.md#set-up-a-development-environment)\n- [Running the test suites](./CONTRIBUTING.md#testing)\n- [Pull request workflow](./CONTRIBUTING.md#pull-request-workflow)\n- [Style guide](./CONTRIBUTING.md#style-guide)\n- [Changelog maintenance](./CONTRIBUTING.md#changelog-maintenance)\n\nIf you have any questions, please [open an issue](https://github.com/cyberark/conjur/issues/new/choose)\nor [ask us on Discourse][commons].\n\n## License\n\nThe Conjur server (as in, the code within this repository) is licensed under the\nFree Software Foundation's [GNU LGPL v3.0][lgpl]. This license was chosen to\nensure that all contributions to the Conjur server are made available to the\ncommunity. Commercial licenses are also available\nfrom [CyberArk](https://www.cyberark.com).\n\nThe Conjur API clients and other extensions are licensed under\nthe [Apache Software License v2.0][apache].\n\nCopyright (c) 2020 CyberArk Software Ltd. All rights reserved.\n\n[apache]: http://www.apache.org/licenses/LICENSE-2.0\n[lgpl]: https://www.gnu.org/licenses/lgpl-3.0.en.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fconjur","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fconjur","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fconjur/lists"}