Policy defines security rules. It is written using YAML, a language that is human and machine readable. Policy organizes objects in your Conjur database. Policy also establishes the rules for role-based access on resources.

Policy defines the following types of infrastructure:

  • Human users who can access Conjur through the CLI, or the API. Policy defines the users, organizes them, and defines privileges.

  • Applications that can authenticate to Conjur programmatically and access data. Policy defines the applications (hosts), organizes them, and defines permissions on protected data, including secrets.

  • Variables that represent secrets that are stored in Conjur. Policy defines and manages the variables, and defines who can access the values. Note that policy does not hold the secret values (the actual secrets).

  • Web services that can provide services to Conjur. Policy defines the services and makes them accessible.
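
A small policy that declares one object of each type listed above and grants least-privilege access to a secret. This is an added example, not taken from the Conjur documentation; every id in it (`demo-app`, `alice`, `app-server`, `db/password`, `status`, `secret-consumers`) is hypothetical.

```yaml
# Added example; every id below is hypothetical.
- !policy
  id: demo-app
  body:
    # Human user (accesses Conjur through the CLI or the API)
    - !user alice

    # Application identity that authenticates programmatically
    - !host app-server

    # Secret placeholder: the policy declares the variable only.
    # The secret value is loaded separately and never appears in policy.
    - !variable db/password

    # Web service resource
    - !webservice status

    # Group that collects the roles allowed to fetch the secret
    - !group secret-consumers

    - !grant
      role: !group secret-consumers
      member: !host app-server

    # Consumers may see the variable (read) and fetch its value (execute).
    # The update privilege, which allows changing the value, is not granted.
    - !permit
      role: !group secret-consumers
      privileges: [ read, execute ]
      resource: !variable db/password

    # alice may see that the variable exists but cannot fetch its value.
    - !permit
      role: !user alice
      privileges: [ read ]
      resource: !variable db/password
```

Granting privileges to a group rather than to individual hosts keeps the access rule in one place: adding or removing a consumer is a single `!grant` change.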
