https://github.com/aslancarlos/conjur_nodejs
Node.js example showing how to fetch secrets from CyberArk Conjur
https://github.com/aslancarlos/conjur_nodejs
conjur cyberark example nodejs secrets-management
Last synced: about 10 hours ago
JSON representation
Node.js example showing how to fetch secrets from CyberArk Conjur
- Host: GitHub
- URL: https://github.com/aslancarlos/conjur_nodejs
- Owner: aslancarlos
- License: apache-2.0
- Created: 2024-09-10T22:15:33.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2026-05-28T00:23:19.000Z (about 1 month ago)
- Last Synced: 2026-05-28T01:22:56.700Z (about 1 month ago)
- Topics: conjur, cyberark, example, nodejs, secrets-management
- Language: JavaScript
- Size: 12.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# conjur_nodejs
Minimal Node.js example that fetches a secret from **CyberArk Conjur** using the REST API. Designed as a starting point for engineers who want to see the exact HTTP calls involved — login, get access token, fetch secret — before adopting an SDK.
## What this demonstrates
```text
Node.js app Conjur
│ │
│ 1. POST /authn/.../login │
│ ─────────────────────────────► │
│ (basic auth) │
│ │
│ 2. API key returned │
│ ◄───────────────────────────── │
│ │
│ 3. POST /authn/.../authenticate
│ ─────────────────────────────► │
│ │
│ 4. Short-lived access token │
│ ◄───────────────────────────── │
│ │
│ 5. GET /secrets/.../variable/...
│ ─────────────────────────────► │
│ │
│ 6. Secret value │
│ ◄───────────────────────────── │
```
For production, prefer one of the federated authenticators (`authn-jwt`, `authn-iam`, `authn-gcp`, `authn-azure`, `authn-k8s`) which avoid storing the Conjur API key altogether.
## Running
```bash
npm install
cp app.env .env # then edit with your values
node conjur-integration.js
```
## Configuration
Edit `app.env` (or set as environment variables):
```bash
CONJUR_URL=https://your-tenant.secretsmgr.cyberark.cloud
CONJUR_ACCOUNT=conjur
CONJUR_USER_ID=host%2Fmy-host
CONJUR_API_KEY=... # do NOT commit this
CONJUR_SECRET_ID=data/my/secret/variable
```
Note that the user / host ID must be URL-encoded (e.g. `host%2Fmy-host` for `host/my-host`).
## Related
- [conjur-explainer](https://github.com/aslancarlos/conjur-explainer) — Visual walkthrough of Conjur authentication patterns
- [authn-gcp-cf](https://github.com/aslancarlos/authn-gcp-cf) — Same Conjur API, but with federated GCP auth instead of an API key
## License
Apache License 2.0 — see [LICENSE](LICENSE).