Introduction
The integration between OpenShift and CyberArk Conjur Enterprise simplifies secrets management, strengthens container security and gives organizations the flexibility to more securely deploy enterprise applications at scale. Now organizations using OpenShift can leverage Conjur Enterprise to secure, manage and rotate secrets and other credentials, by securely passing secrets stored in Conjur to applications running in OpenShift. CyberArk Conjur ensures secrets are never exposed to third parties. The Conjur integration enhances security for OpenShift environments by providing:
- End-to-end encryption of secrets through mutual TLS (Transport Layer Security).
- Robust authentication and authorization incorporating Conjur policy, signed certificates, and an internal Kubernetes authenticator.
- Separation of duties and other policies by letting OpenShift security teams control container access while development teams define application requirements.
- Easy deployment of applications across environments and pods.
- Scalability and performance advantages of the Conjur master-follower architecture. As Followers provide read-only activity for client containers and applications, scale-out is easy by simply adding more followers.
- Secret rotation, centralized auditing, and all other advantages of Enterprise Conjur.
Most importantly, developers are able to easily meet security requirements by using APIs and code to secure secrets and access credentials without impacting velocity. Conjur was designed specifically for developers with the goal of letting developers focus on development without them needing to worry about security. For examples, security policies can be written and managed as-code, enabling security policies to be more easily established and managed.
CyberArk Conjur
CyberArk Conjur Enterprise is an enterprise-class secrets management solution designed to meet the needs of high velocity, dynamic DevOps environments, and CI/CD pipelines. Like other CyberArk solutions, Conjur Enterprise is security focused and incorporates robust security principals including machine identity, least privilege, role-based access control, policy as code, as well as segregation of duties for both human and non-human users (e.g., containers, micro-services, scripts, and machines).
True End to End Credential Management Across The Enterprise
An additional advantage of using CyberArk solutions is that enterprises have the ability for true end-to-end, policy-based secrets and credential management across their entire enterprise. CyberArk is widely deployed by enterprises across the globe, including over half of the Fortune 100, and is recognized as the #1 provider in privileged access security. So, importantly, with the integration between CyberArk Conjur Enterprise and Red Hat OpenShift, the CyberArk Enterprise Password Vault enables secrets and credential managed by the CyberArk Vault to be automatically replicated into OpenShift. Organizations can now consistently manage access credentials and secrets across on-premises, hybrid and native cloud environments, as well as for OpenShift and other DevOps tools. Of course, Conjur can also be used as a standalone solution that can be integrated if and when the enterprise is ready.
How It Works – OpenShift and Conjur
The deployment scripts deploy a Conjur cluster in an OpenShift project (OpenShift 3.3 or later). User applications are then deployed in different projects, which get access to Conjur through authenticated login orchestrated by an authentication sidecar. For additional details refer to the integration reference materials.
Getting Started with Conjur Enterprise and OpenShift
The CyberArk Conjur OpenShift Integration is available now. To learn more view the OpenShift Commons Briefing: CyberArk Conjur Secrets Management demo and webinar, contact sales, or visit CyberArk.com/Conjur. You can also have a demo at Red Hat Summit – booth#932.
Conjur Open Source Also Available
CyberArk Conjur Open Source is freely available and available for trial or download on GitHub or Conjur.org and with Conjur Open Source, you can also join the Conjur Slack to communicate directly with our engineers to ask questions and provide product feedback.
About the author
Chris Smith has extensive experience planning and executing sales strategies in the federal and commercial systems integrator market. As Vice President and General Manager of North American Public Sector for Red Hat, he delivers value to customers by coaching and motivating sales team members to exceed expectations, with a consultative approach to solving customer challenges.
More like this
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit