The Conjur Plugin adds two capabilities to XL Deploy:
- New DynamicDictionary to Environments
- Retrieve credentials for overthere.Hosts
- XLDeploy: version 8.0.0+
- Cyberark Conjur: version 5.0+
Place the plugin .xldp file into your SERVER_HOME/plugins directory.
Begin by configuring a Conjur server in the Configuration repository.
The URL to your Conjur Server. The value should include the protocol e.g. http:// or https://.
The Conjur account or namespace that holds the variables.
The username XL Deploy will use to authenticate to the Conjur server.
The password or API Key XL Deploy will use to authenticate to the Conjur server.
The Conjur Plugin will check connection to the Conjur host with the credentials supplied.
The Conjur DynamicDictionary is available under Environments -> New -> Conjur -> DynamicDictionary. It behaves like a regular dictionary with the added feature that values can be looked up on Conjur at deployment time. An entry that has a Conjur lookup for its value has the form:
$conjur:<key path>
At deployment time, when the dictionary is used for property placeholder substitution in the application, any key value that starts with '$conjur:' is a signal to the application to lookup the value in the associated Conjur server. The plugin will lookup the Conjur value using the supplied key path and place that value in the dictionary. Note that this is runtime behavior. The values are looked up and supplied when values are retrieved from the dictionary. The dictionary itself is not modified.
Indicate the Conjur Server to use for lookups.
The Conjur Plugin will call the Conjur server and attempt to retrieve values. If any key referenced in the dictionary cannot be found in Conjur, an error will be raised.
Any Infrastructure host-type that has overthere.Host as its parent (e.g. overthere.SshHost or overthere.SmbHost), can now use Conjur values for any of its properties.
Like the DynamicDictionary, instead of entering the actual value, enter '$conjur:<key path>'. (Note that password fields will not show the entry as in the example above.) During the deployment process, the plugin will retrieve the values from Conjur.
Indicate the Conjur Server to use for lookups.
- Set xlDeployHome in gradle.properties to your local XL Deploy instance. Some XL Deploy packages are needed for the plugin to compile.