Install Conjur Open Source

Install Docker

Download and install the Docker Engine for your platform.

Create a Development Environment (optional)

  1. Get the most recent Conjur image from one of the following locations:

  2. See the cyberark/conjur Github repository for installation and startup instructions.

Install Conjur open source using AWS CloudFormation template

  1. Download our template. The name of the template is conjur-latest.yml.

  2. Open your AWS account and go to your Console home page.

  3. In the search bar, search for "CloudFormation".

  4. Click CloudFormation, which opens the CloudFormation wizard page.

  5. Click Create Stack > Create New Stack to create a new CloudFormation stack for Conjur.

  6. On the Select Template page: 

    1. Select Upload a template to Amazon S3,
    2. Click Choose File and select the conjur-latest.yml file you downloaded in step 1.
    3. Click Next.
  7. On the Specify Details page, complete these fields:

    Name Value
    Stack name Descriptive name for the stack
    ConjurAccount Conjur organizational account for this Conjur instance.
    ConjurAdminPassword Password for the Conjur admin user. To log into Conjur the first time, use "admin" for user and this password. We recommend that you change this password immediately using the conjur user command.
    DBAdminUser The AWS RDS instance administrator. Keep the default value conjuradmin.
    DBAdminPassword Password for the AWS RDS instance administrator.
    KeyName Select a valid set of SSH Keys to use for accessing the VMs after creation. If the dropdown list is empty, consult your AWS Administrator.
    VpcId Select the VPC where Conjur will run. If unsure, consult your AWS Administrator.
    VpcSubnetIds Select the subnets for Conjur and PostgreSQL VMs. Two subnets are required. We recommend that they be in different Availability Zones.
    InstanceType Type and size of the Conjur EC2 instance. The default and recommended value is m4.large.
  8. Click Next.

  9. On the Options page, all fields are optional and may be skipped.

  10. Click Next.

  11. On the Review page, check for any inconsistencies. If all of the information is correct, click Create.

AWs creates the stack. On the Resources tab, the public IP for the VM is displayed. You can select it.

Conjur is installed and ready for use! Use this Conjur instance for testing and development. See What's Next? for suggestions of next steps.

Install Conjur open source using Docker pull

You can easily download and run the Conjur software using Docker and the official Conjur containers on DockerHub.


  1. Install Docker Toolbox, available for Windows and macOS.

    If you are using GNU/Linux, follow instructions here.

  2. Install a terminal application if you don't have one already. Hyper is nice.

Install and configure

  1. In your terminal, download the Conjur Open Source quick-start configuration:

    curl -o docker-compose.yml
  2. Pull all of the required Docker images from DockerHub.

    docker-compose pull
  3. Generate a master data key:

    $ docker-compose run --no-deps --rm conjur data-key generate > data_key
  4. Load the data key into the environment:

    export CONJUR_DATA_KEY="$(< data_key)"
    Save the master data key.
    Back it up in a safe location. You may need it later for maintenance.
  5. Run the Conjur server, database, and client:

    docker-compose up -d
  6. Create a Conjur account to identify this Conjur instance. (eg. quick-start):

    docker-compose exec conjur conjurctl account create quick-start

    Conjur returns a public key for this Conjur account and an API key for the default admin user.


    Save the public key and admin API Key. Back them up in a safe location. You need the API key in the next step to log in as the admin user the first time. You may need the public key later for maintenance.

  7. Start a bash shell for the Conjur client CLI:

    docker-compose exec client bash
  8. Connect the Conjur client CLI to the Conjur instance. Use the <account-name> you created in a previous step to identify the instance.

    conjur init -u conjur -a <account-name>
  9. Authenticate to Conjur. The user name must be the default admin.

    conjur authn login -u admin

    In response to the prompt for a password, copy and paste the API key that Conjur created and returned in the steps above.

    Please enter admin's password (it will not be echoed):
  10. Enter your first command: 

    conjur authn whoami

Conjur is installed and ready for use! Use this Conjur instance for testing and development. See What's Next? for suggestions of next steps.