Policy defines security rules. It is written using YAML, a language that is human and machine readable.
Policy defines the following types of infrastructure :
-
Human users who can access Conjur through the CLI, or the API. Policy defines the users
-
Applications that can authenticate to Conjur programmatically and access data. Policy defines the applications (
hosts), organizes them, and defines permissions on protected data, including secrets. -
Variables that represent secrets that are stored in Conjur. Policy defines and manages the variables, and defines who can access the values. Note that policy does not hold the secret values (the actual secrets.)
-
Web services that can provide services to Conjur. Policy defines the services and makes them accessible.
In this section:
