Giters

xebialabs-community / xld-conjur-plugin

XL Deploy plugin to get secrets from CyberArk Conjur for dictionaries and infrastructure hosts.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

xl-deployjava

XLD Conjur Plugin

Build Status License: MIT Github All Releases

Overview

The Conjur Plugin adds two capabilities to XL Deploy:

  • New DynamicDictionary to Environments
  • Retrieve credentials for overthere.Hosts

Requirements

  • XLDeploy: version 8.0.0+
  • Cyberark Conjur: version 5.0+

Installation

Place the plugin .xldp file into your SERVER_HOME/plugins directory.

Configuration

Begin by configuring a Conjur server in the Configuration repository.

ConjurServerConfiguration

Conjur URL

The URL to your Conjur Server. The value should include the protocol e.g. http:// or https://.

Conjur Account

The Conjur account or namespace that holds the variables.

Conjur Username

The username XL Deploy will use to authenticate to the Conjur server.

Conjur Password / API Key

The password or API Key XL Deploy will use to authenticate to the Conjur server.

Control Task : Check Connection

The Conjur Plugin will check connection to the Conjur host with the credentials supplied.

DynamicDictionary

The Conjur DynamicDictionary is available under Environments -> New -> Conjur -> DynamicDictionary. It behaves like a regular dictionary with the added feature that values can be looked up on Conjur at deployment time. An entry that has a Conjur lookup for its value has the form:

$conjur:<key path>

ConjurDynamicDictionary

At deployment time, when the dictionary is used for property placeholder substitution in the application, any key value that starts with '$conjur:' is a signal to the application to lookup the value in the associated Conjur server. The plugin will lookup the Conjur value using the supplied key path and place that value in the dictionary. Note that this is runtime behavior. The values are looked up and supplied when values are retrieved from the dictionary. The dictionary itself is not modified.

Conjur Server

Indicate the Conjur Server to use for lookups.

Control Task : Test Dictionary

The Conjur Plugin will call the Conjur server and attempt to retrieve values. If any key referenced in the dictionary cannot be found in Conjur, an error will be raised.

Host Credentials

Any Infrastructure host-type that has overthere.Host as its parent (e.g. overthere.SshHost or overthere.SmbHost), can now use Conjur values for any of its properties.

ConjurHostProperties

Like the DynamicDictionary, instead of entering the actual value, enter '$conjur:<key path>'. (Note that password fields will not show the entry as in the example above.) During the deployment process, the plugin will retrieve the values from Conjur.

Conjur Server

Indicate the Conjur Server to use for lookups.

Developer Notes

  • Set xlDeployHome in gradle.properties to your local XL Deploy instance. Some XL Deploy packages are needed for the plugin to compile.

About

XL Deploy plugin to get secrets from CyberArk Conjur for dictionaries and infrastructure hosts.

xl-deployjava

License:MIT License

Languages

Language:Java 76.2%Language:Python 22.3%Language:Shell 1.4%Language:Dockerfile 0.1%