The integration with CF provides a unique machine identity to each application running in a CF space. These identities are added as hosts to Conjurpolicy. You can manage secrets, roles, and privileges for the CF applications the same as you would for other hosts.
The Conjur Service Broker can be installed in your CF deployment and used to grant your CF-deployed applications Conjurhost identities. Through these host identities, you can grant your applications access to secrets stored in Conjur. The Conjur Buildpack may be used to automatically inject secret values into your application's environment at runtime using Summon. Secrets may also be retrieved using one of our client libraries as an alternative to using the Buildpack, but the Buildpack provides a convenient mechanism for delivering secrets to applications.
- See our tutorial on Conjur with Cloud Foundry.
- Follow the installation instructions in the Service Broker documentation to install the Service Broker and the Buildpack.