Dynamic Secrets for Azure Service Principal #24
Comments
|
Is this also a demo of using Conjur for JIT access in Azure? If so, it would fall under the comment here: #23 (comment) If not, we'll want to revise the repo name so that it's clear what it contains. It should have a reference to |
|
It's a feature, that can dynamically create & remove Azure Service Principle on the fly, based on micro-service architecture |
|
Hi @quincycheng. Could you please confirm my understanding? I see that the idea is using Conjur as a secret and config store, retrieving those values as needed at runtime to create a temporary identity in a service. So it’s dynamic secrets at the level of service identity. I think I can see this existing in something like This would be deployed as a service that can be authenticated against using Conjur credentials. The credentials would determine the permissions on dynamic secret generation so that a consumer of this service need never have access to the "root" credentials. |
|
Yup, the description is very well written! thanks @doodlesbykumbi |
|
Thanks @doodlesbykumbi and @quincycheng! This is one project I know touches on part of our product roadmap for JIT application access - I'm checking with the product org to see how this project could fit in / what we'd like to call it before I start to create a home for it. |
|
@quincycheng is this just for Azure or are you planning to add other use cases? Asking as we're considering the naming of the repo. |
Request for a new public Conjur project in CyberArk GitHub
Current project source: https://github.com/quincycheng/azure-jit
Current maintainer: Quincy Cheng, @quincycheng
Desired project URL: https://github.com/cyberark/azure-jit
Brief description of project:
Conjur Dynamic Secrets for Azure Service Principal
Anticipated certification level: Community
The text was updated successfully, but these errors were encountered: