Set up the Conjur CLI (Docker-based)

 

If you are working with Conjur OpenSource Suite v1.5.0 and later, we recommend using the new generation Conjur CLI. For details, see Conjur CLI.

For supported commands, see Conjur CLI Command Reference.

The Conjur CLI implements the Conjur REST API, providing an alternate interface for managing Conjur resources, including roles, privileges, policy, and secrets.

Start the Conjur CLI

You can run the Conjur CLI in a container or start it as a Ruby gem.

Container

The following command starts a highly secure ephemeral container for the CLI based on the latest pulled DockerHub image.

  
$ docker run --rm -it --name conjur-client --network container:<container-name> cyberark/conjur-cli:5

Variable

Description
<container-name>

If local, use the name of the Conjur Server.

If you are running the Conjur CLI on a separate machine the --network argument is not required.

To understand how to persist identity data so that subsequent sessions are quicker to start up, see the CLI readme.

Ruby Gem

If you have a Ruby environment, you can install the Ruby gem. See the CLI readme.

Initialize the Conjur CLI

Enter the following command at the bash prompt:

  
conjur init --url <conjur-appliance-hostname> --account <organizational-account>

Variable

Description
<conjur-appliance-hostname>

The URL of the Conjur Server in the following format https://<host-name>.

<organizational-account>

The organizational account assigned to this Conjur Server during configuration.

Authenticate to the client

  1. Enter the following command at the bash prompt:

      
    conjur authn login <user-name>

    Variable

    Description
    <user-name>

    A valid Conjur username. You can use the built-in admin user.

  2. Enter the user password when prompted.

  3. For a list of valid commands, enter

      
    conjur --help

    or, see the Conjur CLI (Docker-based).

Set up the CyberArk Vault Synchronizer. For more information, see Install CyberArk Vault Synchronizer.