This repo demonstrates an app retrieving secrets from a Conjur cluster running in Kubernetes or OpenShift. The numbered scripts perform the same steps that a user has to go through when setting up their own applications.

Note: These demo scripts is customized for Conjur OSS for Minikube on Katacoda

More details at https://katacoda.com/quincycheng/conjur-oss-on-minikube

The test app is based on the cyberark/demo-app Docker image (GitHub repo). It is deployed with a PostgreSQL database and the DB credentials are stored in Conjur. The app uses Summon at runtime to retrieve the credentials it needs to connect with the DB, and it authenticates to Conjur using the access token provided by the authenticator sidecar.

There are three iterations of this app that are deployed:

• App with sidecar authenticator client (to provide continuously refreshed Conjur access tokens)
• App with init container authenticator client (to provide a one-time Conjur access token on start)
• Secretless app with Secretless Broker deployed as a sidecar, managing the credential retrieval / injection for the app