The Conjur provider (
conjur) populates credentials from an external
To use the Conjur provider, Secretless must be configured to authenticate with Conjur. The Secretless Broker currently supports several methods of authenticating with Conjur (activating the first non-empty method in this order):
Conjur Kubernetes authenticator-based authentication
In this mode Secretless behaves as an authn-k8s-client and retrieves machine identity through orchestrator-facilitated attestation.
These methods also require
be set in the environment of the Secretless Broker. You may optionally
also include any other configuration environment variables that are
allowed by the Conjur Go Client Library.
listeners: - name: pg_listener protocol: pg address: 0.0.0.0:5432 handlers: - name: pg_handler listener: pg_listener credentials: - name: address provider: conjur id: postgres/my-service/address - name: username provider: conjur id: postgres/my-service/username - name: password provider: conjur id: postgres/my-service/password