Version v1.11.1+suite.2

This Suite release aligns with Conjur Server version 1.11.1. It includes new OpenShift support for deploying Conjur OSS and some exciting new changes to our Ansible integration. Notable updates are highlighted below.

To learn more about the Conjur Open Source Suite Release structure refer to the documentation introduction.

What's New

New and enhanced functionality includes:

Conjur OSS Helm Chart

The Conjur OSS Helm Chart has been updated with Community-level support for deploying Conjur OSS into OpenShift 4.x clusters! Previously, the helm chart only had support out of the box for deploying to standard Kubernetes clusters. With this change, we are now publishing OpenShift-friendly images for Conjur and Nginx to the RedHat container registry, and the helm chart provides instructions for installing Conjur into OpenShift using these images.

Conjur Integrations

Conjur Ansible Integration

In this suite release, the Conjur Ansible Collection is added to the Conjur OSS Suite! With the latest release of the Conjur collection, you can install both the Conjur Ansible Role and the Conjur Lookup Plugin with one command:

ansible-galaxy collection install cyberark.conjur

Ansible has been moving toward using collections since last year. With the release of Ansible 2.10, the Ansible core Conjur lookup plugin has been replaced with a reference to our collection. This change enables us to better support you by getting new features and bug fixes released as quickly as we can publish them in GitHub. We recommend using the Conjur collection with all Ansible versions that support collections, or for Ansible 2.9+!


The following components, with links to their GitHub releases, comprise the Conjur Open Source Suite v1.11.1+suite2:

Conjur Server

Conjur SDK

Platform Integrations

DevOps Tools

Secretless Broker


Conjur OSS Suite installation

Installing the Suite Release Version of Conjur requires setting the container image tag.

Follow the instructions relevant for your environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.11.1. For example, make the following update to the conjur service in the quickstart docker-compose.yml:

    image: cyberark/conjur:1.11.1
  • Conjur OSS Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.11.1" \

Upgrade Instructions

Upgrade instructions are available for the following suite components:

What's New by Component

The following components were introduced or enhanced in the Conjur OSS suite version:


v2.0.3 (2020-12-30)




  • Conjur pod no longer fails on restarts when the Conjur cluster is helm installed with the automatic Conjur account creation feature enabled (e.g. with --set account.create=true). The Conjur startup command is revised to check if the account exists before starting the server with the flag used to create it. cyberark/conjur-oss-helm-chart#119


v6.2.3 (2020-12-22)


  • The Conjur CLI now raises a proper error when trying to rotate a non-existing user's API key. cyberark/conjur#979


v1.1.0 (2020-12-29)


  • The Conjur Ansible role has been migrated to this collection, where it will be maintained moving forward. At current, the role in the collection is aligned with the v0.3.2 release of the standalone role. cyberark/ansible-conjur-host-identity#30

  • Add as_file boolean option to the lookup plugin which stores the secret as a temporary file and returns its path. This enables users to use the ansible_ssh_private_key_file parameter to define an SSH private key using a variable stored in Conjur; previously, users couldn't set this parameter via a direct call to the lookup plugin because the parameter does not accept inline SSH keys, and the lookup plugin could only return a string. cyberark/ansible-conjur-collection#52, Cyberark Commons post #1070


v0.3.2 (2020-12-29)


  • Summon and Summon-Conjur default versions are updated to v0.8.3 and v0.5.3, respectively. cyberark/ansible-conjur-host-identity#45

  • Added retries to tasks/identity/Request identity from Conjur. This will increase the reliability of host factory requests without introducing any extra delay if the first request succeeds.