{"id":17215592,"url":"https://github.com/infamousjoeg/conjur-action","last_synced_at":"2025-02-24T07:31:26.663Z","repository":{"id":42439695,"uuid":"215155144","full_name":"infamousjoeg/conjur-action","owner":"infamousjoeg","description":"GitHub Action for secured CyberArk Conjur secret retrieval and import into Workflows","archived":false,"fork":false,"pushed_at":"2023-07-29T14:20:59.000Z","size":73,"stargazers_count":23,"open_issues_count":5,"forks_count":15,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-09-19T23:03:01.534Z","etag":null,"topics":["actions","conjur","cyberark","github-action","github-actions","secrets","secrets-management"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infamousjoeg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-14T22:16:35.000Z","updated_at":"2024-04-15T03:08:09.000Z","dependencies_parsed_at":"2024-06-19T06:16:46.169Z","dependency_job_id":"8ea9e972-dd4d-489f-9d37-29139445e136","html_url":"https://github.com/infamousjoeg/conjur-action","commit_stats":{"total_commits":52,"total_committers":3,"mean_commits":"17.333333333333332","dds":0.3076923076923077,"last_synced_commit":"35d7bbc07232a4f907c7f1e18c2deffe41035ec3"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":"actions/container-toolkit-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fconjur-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fconjur-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fconjur-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infamousjoeg%2Fconjur-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infamousjoeg","download_url":"https://codeload.github.com/infamousjoeg/conjur-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219845367,"owners_count":16556448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","conjur","cyberark","github-action","github-actions","secrets","secrets-management"],"created_at":"2024-10-15T03:24:54.306Z","updated_at":"2025-02-24T07:31:26.639Z","avatar_url":"https://github.com/infamousjoeg.png","language":"Shell","funding_links":["https://www.buymeacoffee.com/infamousjoeg"],"categories":[],"sub_categories":[],"readme":"# CyberArk Conjur Secret Fetcher\n\n_Repository archived for certified version at https://github.com/cyberark/conjur-action_\n\nGitHub Action for secure secrets delivery to your workflow test environment using CyberArk Conjur.\n\nSupports authenticating with CyberArk Conjur using host identity and JWT authentication.\n\n[![](https://github.com/infamousjoeg/conjur-action/workflows/conjur-action%20Test/badge.svg)](https://github.com/infamousjoeg/conjur-action/actions?workflow=conjur-action+Test)\n\n\n\n## Host Identity\n\n### Example\n\n```yaml\non: [push]\n\njobs:\n  test:\n    # ...\n    steps:\n      # ...\n      - name: Import Secrets using CyberArk Conjur Secret Fetcher\n        uses: infamousjoeg/conjur-action@v2.0.2\n        with:\n          url: ${{ secrets.CONJUR_URL }}\n          account: cyberarkdemo\n          host_id: ${{ secrets.CONJUR_USERNAME }}\n          api_key: ${{ secrets.CONJUR_API_KEY }}\n          secrets: db/sqlusername|sql_username;db/sql_password\n      # ...\n```\n\n### Arguments\n\n#### Required\n\n* `url` - this is the path to your Conjur instance endpoint.  e.g. `https://conjur.cyberark.com:8443`\n* `account` - this is the account configured for the Conjur instance during deployment.\n* `host_id` - this is the Host ID granted to your application by Conjur when created via policy. e.g. `host/db/github_action`\n* `api_key` - this is the API key associated with your Host ID declared previously.\n* `secrets` - a semi-colon delimited list of secrets to fetch.  Refer to [Secrets Syntax](#secrets-syntax) in the README below for more details.\n\n#### Optional\n\n* `certificate` - if using a self-signed certificate, provide the contents for validated SSL.\n\n#### Not required\n* `authn_id` - this is the ID of Authn-JWT at Conjur\n\n\n\n\n## JWT Authentication\n\n### Example\n\n```yaml\non: [push]\n\njobs:\n  test:\n    # ...\n    permissions:\n      id-token: 'write'\n      contents: 'read'\n    steps:\n      # ...\n      - name: Import Secrets using CyberArk Conjur Secret Fetcher\n        uses: infamousjoeg/conjur-action@v2.0.2\n        with:\n          url: ${{ secrets.CONJUR_URL }}\n          account: cyberarkdemo\n          authn_id: ${{ secrets.CONJUR_AUTHN_ID }}\n          secrets: db/sqlusername|sql_username;db/sql_password\n      # ...\n```\n\n### Conjur Setup\n\nJWT Authenticator is required at Conjur server.  You may wish to refer to [official doc](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Operations/Services/cjr-authn-jwt.htm?tocpath=Integrations%7CJWT%20Authenticator%7C_____0) \n\nThe sample policy below validates GitHub repository \u0026 workflow\n\n1. [Sample authenticator policy](github-authn-jwt.yml)\n2. [Sample app id policy](github-app-id.yml)\n3. Sample secret values and commands:\n```\nconjur policy load -f ./policy/github-authn-jwt.yml -b root\nconjur policy load -f ./policy/github-app-id.yml -b root\n\nconjur variable set -i conjur/authn-jwt/github/issuer -v \"https://token.actions.githubusercontent.com\"\nconjur variable set -i conjur/authn-jwt/github/jwks-uri -v \"https://token.actions.githubusercontent.com/.well-known/jwks\"\nconjur variable set -i conjur/authn-jwt/github/token-app-property -v \"workflow\"\nconjur variable set -i conjur/authn-jwt/github/enforced-claims -v \"workflow,repository\"\nconjur variable set -i conjur/authn-jwt/github/identity-path -v \"/github-apps\"\n```\n\n### Arguments\n\n#### Required\n\n* `url` - this is the path to your Conjur instance endpoint.  e.g. `https://conjur.cyberark.com:8443`\n* `account` - this is the account configured for the Conjur instance during deployment.\n* `authn_id` - this is the ID of Authn-JWT at Conjur\n* `secrets` - a semi-colon delimited list of secrets to fetch.  Refer to [Secrets Syntax](#secrets-syntax) in the README below for more details.\n\n#### Optional\n\n* `certificate` - if using a self-signed certificate, provide the contents for validated SSL.\n\n#### Not required\n* `host_id` - this is the Host ID granted to your application by Conjur when created via policy. e.g. `host/db/github_action`\n* `api_key` - this is the API key associated with your Host ID declared previously.\n\n\n## Secrets Syntax\n\n`{{ conjurVariable1|envVarName1;conjurVariable2 }}`\n\nThe `secrets` argument is a semi-colon (`;`) delimited list of secrets. Spaces are NOT SUPPORTED. The list can optionally contain the name to set for the environment variable.\n\n### Example\n\n`db/sqlusername|sql_username;db/sql_password`\n\nIn the above example, the first secret section is `db/sqlusername|sql_username`.  The `|` separates the Conjur Variable ID from the environment variable that will contain the value of the Conjur Variable's value.\n\nThe second secret section is `db/sql_password`.  When no name is given for the environment variable, the Conjur Variable Name will be used.  In this example, the value would be set to `SQL_PASSWORD` as the environment variable name.\n\n## Security\n\n### Protecting Arguments\n\nIt is recommended to set the URL, Host ID, and API Key values for the Action to function as secrets by going to Settings \u003e Secrets in your GitHub repository and adding them there.  These can then be called in your workflows' YAML file as a variable: `${{ secrets.SECRETNAME }}`\n\n### Masking\n\nThe CyberArk Conjur Secret Fetcher GitHub Action utilizes masking prior to setting secret values to the environment.  This prevents output to the console and to logs.\n\n## Maintainer\n\nJoe Garcia - [@infamousjoeg](https://github.com/infamousjoeg)\n\nQuincy Cheng - [@quincycheng](https://github.com/quincycheng)\n\n[![Buy me a coffee][buymeacoffee-shield]][buymeacoffee]\n\n[buymeacoffee]: https://www.buymeacoffee.com/infamousjoeg\n[buymeacoffee-shield]: https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfamousjoeg%2Fconjur-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfamousjoeg%2Fconjur-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfamousjoeg%2Fconjur-action/lists"}