Skip to content

Conjur Variable Secret

Service Name: CyberArk Conjur

Service Description: CyberArk Conjur is an open source security service that integrates with popular tools to provide data encryption, identity management for humans and machines, and role-based access control for sensitive secrets and infrastructure.

Service Address: https://www.conjur.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Conjur policy level using CIDR notation to restrict access to specific IP ranges.

Secret Access Scope: Grants access to sensitive variables, credentials, and configuration data stored within the Conjur vault based on defined policies and permissions.

Secret Revokement URL: https://docs.conjur.org/Latest/en/Content/Operations/Services/rotation.htm

Secret Example: 2x9sfdk3j4md0slq8jd92jd0vm3nfls0

Suspicious Activity Investigation Instructions:

  • Review Conjur audit logs for unauthorized access attempts or unusual activity patterns
  • Check for policy changes that might have expanded access permissions
  • Examine authentication logs for login attempts from unusual locations or IP addresses
  • Verify if any API keys or machine identities have been compromised
  • Monitor for unusual secret retrieval patterns or volumes

Mitigation Instructions:

  • Rotate the compromised Conjur variable secret immediately
  • Update any applications or services using the compromised secret
  • Review and tighten Conjur access policies to ensure the Principle of Least Privilege
  • Enable multi-factor authentication if not already in place
  • Implement IP restrictions for accessing the Conjur service
  • Consider implementing secret rotation schedules for all sensitive variables
  • Audit all roles and permissions to ensure proper access controls
  • Review audit logs to identify potential security gaps