Conjur Open Source Suite

The Conjur Open Source Suite is a collection of software components and tools used to build, deploy, and consume the Conjur service in a consistent manner.

The following diagram shows the main components of the suite:

At the core of the suite is the Conjur Deployment, which consists of the Conjur Server with a Postgres database and an NGINX front end.

The Conjur Server exposes a REST API, with the following open-source components:

  • The Command Line Interface (CLI).

  • Client Libraries that implement the API in various languages.

  • Integrations to Cloud and Container platforms and to DevOps tools.

  • Secret Delivery tools: Summon and Secretless that are used to simplify or altogether hide Secret Access from developers.

Benefits

  • With the distributed nature of the Conjur project, all open source components appear as standalone repositories so the dependencies among them aren't obvious. By aggregating components under the same umbrella, the Conjur Open Source Suite ensures that components are correctly used with respect to version dependencies.

  • When a suite release is built, it includes end-to-end testing to ensure that all components in the release function consistently, relative to a given Conjur Server version.

  • Component versions are selected across the entire suite to ensure that only high quality changes introduced in individual components are accepted for inclusion in a given release.

  • The Conjur Open Source Suite Release Notes identifies what has changed from one release to the next for every component in the suite, to provide a complete end-to-end view. The Release Notes page includes a linked list of all available release notes.

  • The Conjur Open Source Suite release offers users visibility into all components in the Conjur project that may be useful to them.

Users or developers may decide to use a specific branch of a component outside of the suite release, if that branch is still not part of a release suite version. In this case, they'll have a stable reference with which to compare.

Structure of Conjur Open Source Suite

The Conjur Open Source Suite is organized into three groups of collections:

Conjur Core

The Conjur Core group includes:

  • The Conjur Server collection comprised of the Conjur repository itself, along with a set of deployment tools.

  • The Conjur SDK collection contains all of the client libraries.

Integrations

The Integrations group includes:

  • The Platform Integrations collection, comprised of integrations to the public Clouds (AWS, Azure, GCP) and container platforms - Kubernetes, OpenShift and Cloud Foundry (VMware Tanzu). Note that Authenticators (for AWS, Azure, K8s, etc) are built into the Conjur server itself.

  • The DevOps Tools collection is comprised of integrations to CI/CD tools such as Ansible, Jenkins, Puppet and Terraform. Due to the nature of Open Source, other integrations are written by third parties, and in some cases are embedded in third-party code natively. When using these integrations please refer to the native documentation or the Conjur documentation Fundamentals section.

Secrets Delivery

The Secrets Delivery group includes:

  • The Secretless Broker, which allows applications to connect to targets transparently, as if no credentials were used. This is a paradigm shift in the approach to privileged application access that lets developers forget about secrets management altogether, and eliminates secrets leakage from their code.

  • The Summon utility that simplifies secrets-fetching by making secrets available as environmental variables to a sub-process.

Additional information on the structure of the Conjur Open Source Suite can be found here.