Version v1.11.3+suite.1

This Suite release aligns with Conjur Server version 1.11.3. It includes better error handling by the Conjur server and new support for using Summon environments in the Conjur Buildpack.

To learn more about the Conjur Open Source Suite Release structure, refer to the documentation introduction.

What's New

New and enhanced functionality includes:

Conjur Core

Conjur Server

This release includes improved error handling by the Conjur server.

Conjur Integrations

Conjur Cloud Foundry Integration

The Conjur Buildpack has been updated to add support for Summon environments in the secrets.yml file. Users can now divide their secrets.yml files into environments and specify which environment secrets should be loaded at runtime using the new SECRETS_YAML_ENVIRONMENT environment variable. For detailed instructions on using this new functionality, see the project README.

This release also includes a minor update to the Conjur Service Broker. Users who consume our Tanzu Application Service tile should wait for the next tile release to update the service broker, but all users may install the buildpack at any time following the documented instructions.


These are the primary repositories for Conjur Open Source and its SDK.

The following components are included or enhanced in Conjur OSS Suite Version v1.11.3+suite.1:

Conjur server

Conjur SDK

Platform integrations

DevOps tools

Secretless Broker


Conjur OSS Suite installation

Installing the Suite Release Version of Conjur requires setting the container image tag.

Follow the instructions relevant for your environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.11.3. For example, make the following update to the conjur service in the quickstart docker-compose.yml:

    image: cyberark/conjur:1.11.3

  • Conjur OSS Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.11.3" \

Upgrade instructions

Upgrade instructions are available for the following suite components:

What's new by component

The following components were introduced or enhanced in the Conjur OSS suite version v1.11.3+suite.1.


v1.11.3 (2021-02-22)


  • Conjur now raises a RoleNotFound error when trying to authenticate a non-existent host in authn-k8s. cyberark/conjur#2046


  • Conjur now raises a new ServiceIdMissing error if the service-id param is missing in an authentication request for the OIDC authenticator. cyberark/conjur#2004


v0.7.0 (2021-02-10)


  • RetrieveBatchSecretsSafe method, which allows the user to specify the use of the Accept: base64 header in batch retrieval requests. This allows binary secrets to be retrieved from Conjur. cyberark/conjur-api-go#88


  • Updated Go versions to 1.15.

v0.7.1 (2021-03-01)


  • Resources method no longer sends improperly URL-encoded query strings when filtering resources with the "Search" parameter. Previously, if you used a "Search" value that included a slash "/", the client would return no results even if the server had matching resources due to an issue with the URL-encoding. cyberark/conjur-api-go#93


v2.2.0 (2020-03-01)


  • Support for using Summon environments in the secrets.yml file. Users can now divide their secrets.yml files into sections for each environment and specify the secrets to load at runtime using the new SECRETS_YAML_ENVIRONMENT environment variable. See the README for more information. cyberark/cloudfoundry-conjur-buildpack#44



v1.1.5 (2021-03-01)


  • The service broker Gemfile now specifies the Ruby version so that the service broker no longer fails to install when using a version of the Ruby Buildpack v1.8.15 or older, due to an incompatibility issue between Ruby and Nokogiri versions. cyberark/conjur-service-broker#229



v0.19.1 (2021-02-08)


  • The Authenticate method now parses the authentication response and writes it to the token file, without the need to call ParseAuthenticationResponse. This is a breaking change for software that leverages the go get Go package (Secretless and Secrets Provider for Kubernetes); users of the Kubernetes Authenticator Client Docker image are not impacted by this change. cyberark/conjur-authn-k8s-client#180

  • The project Golang version is updated from the end-of-life v1.12 to the latest version v1.15. cyberark/conjur-authn-k8s-client#206

  • Improve the error message raised when the username doesn't include the host/ prefix. cyberark/conjur-authn-k8s-client#212


v1.1.3 (2021-03-01)


  • Updated Kubernetes Authenticator Client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.


v1.7.3 (2020-03-09)


  • Updated Kubernetes Authenticator Client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.


  • When configured for the SSL mode of require or prefer, Secretless now sends a valid "SSL is not supported" response per the PostgreSQL protocol standard when a client attempts to open an SSL connection using the PostgreSQL connector. When the client is configured for SSL mode prefer, the updated response enables the client to downgrade to an insecure connection and continue. Previously, clients sending requests using the SSL mode of either require or prefer would receive a generic error from Secretless, which made it harder to determine the root cause of the problem and caused the preferSSL mode to not function correctly. cyberark/secretless-broker#1377
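
The PostgreSQL SSL negotiation behind the last item, as an added Go example (not code from Secretless Broker): it recognizes the 8-byte SSLRequest packet, returns the one-byte 'N' reply that the protocol defines for "SSL is not supported", and models how a client in prefer or require mode reacts to that reply. The function names are hypothetical, the sample packet is constructed, and only the prefer and require modes are modelled.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// sslRequestCode is the SSLRequest magic number: 1234 in the high 16 bits, 5679 in the low.
const sslRequestCode = 80877103

// IsSSLRequest reports whether pkt is the 8-byte SSLRequest a client sends
// before its StartupMessage: Int32 length (8) followed by Int32 code.
func IsSSLRequest(pkt []byte) bool {
	return len(pkt) == 8 &&
		binary.BigEndian.Uint32(pkt[0:4]) == 8 &&
		binary.BigEndian.Uint32(pkt[4:8]) == sslRequestCode
}

// ServerReply returns what a listener without TLS writes back: the single
// byte 'N' for an SSLRequest, nothing for any other first packet.
func ServerReply(pkt []byte) []byte {
	if IsSSLRequest(pkt) {
		return []byte{'N'}
	}
	return nil
}

// ClientNext models the client's step after the one-byte reply: true means
// TLS follows, false means plaintext continues, an error means abort.
func ClientNext(sslmode string, reply byte) (bool, error) {
	switch {
	case reply == 'S':
		return true, nil // proceed to the TLS handshake
	case reply == 'N' && sslmode == "prefer":
		return false, nil // downgrade: StartupMessage goes out unencrypted
	case reply == 'N' && sslmode == "require":
		return false, fmt.Errorf("sslmode=require: server does not support SSL")
	}
	return false, fmt.Errorf("unexpected SSL negotiation reply %q", reply)
}

func main() {
	reply := ServerReply([]byte{0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f}) // constructed SSLRequest
	for _, mode := range []string{"prefer", "require"} {
		tls, err := ClientNext(mode, reply[0])
		fmt.Printf("sslmode=%s tls=%v err=%v\n", mode, tls, err)
	}
}
```

Under prefer, the 'N' reply results in a plaintext session on that connection, while require fails closed with an explicit error.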