Handlers

Conjur - HTTP(S)

Overview

The Conjur handler exposes an HTTP proxy which will authenticate requests made to Conjur without revealing credentials to the consumer.

Handler Parameters

  • type
    Required
    This parameter indicates the type of service proxied by the handler. For Conjur, the value of type should always be conjur.

  • match
    Required
    An array of regex patterns which match a request URI, either partially or fully. Requests which are matched by a regex in this array will be authenticated by this handler.

Credentials

  • accessToken
    Required
    Conjur access token

  • forceSSL
    Optional
    Boolean; forces connection over HTTPS if true

Examples

Authenticates all requests proxied through this handler

listeners:
  - name: http_listener
    protocol: http
    address: 0.0.0.0:8080

handlers:
  - name: conjur_handler
    listener: http_listener
    type: conjur
    match:
      - .*
    credentials:
      - name: accessToken
        provider: file
        id: /run/conjur/conjur-access-token

Authenticate requests to a particular hostname

listeners:
  - name: http_listener
    protocol: http
    address: 0.0.0.0:8080

handlers:
  - name: conjur_handler
    listener: http_listener
    type: conjur
    match:
      - ^https\:\/\/conjur.myorg.com\/.*
    credentials:
      - name: accessToken
        provider: file
        id: /run/conjur/conjur-access-token

Ready to use Secretless Broker in your Kubernetes environment? Check out our Kubernetes tutorial or our deployment guides!