A machine identity is part of the Conjur authentication (authn) system, allowing the machine to prove to the Conjur server that it is authorized (authz) to access secrets and execute resources as defined in a Conjur policy. A machine's identity is also used when the machine is the target of an action, for example SSH access or traffic authorization. Finally, the identity can be used to vend tokens. The identity can then be passed to untrusted external services which will use it to perform limited-scope authentication with the Conjur server on the machine's behalf.

To make it easy to configure and apply machine identity, Conjur maintains and distributes a Chef cookbook. This cookbook enables automatic configuration of machines, a requirement for running infrastructure at scale. Once configured with the Chef cookbook, a machine will ship its SSH logs to the Conjur audit service and be able to use its own machine identity to make authenticated calls to Conjur.

Conjur Cookbook Links

The "conjur" Chef cookbook is open-source and hosted on GitHub. It is also distributed to the Chef Supermarket.

For full documentation, including a guide on configuring machines with limited network access, read the cookbook's documentation on GitHub.