Scribd Logo
Upload

Welcome to Scribd!

  • CAU 03 Conjur - Fundamentals ConjurCLI

    Uploaded by

    Wowantus
    5 views16 pages
    The document provides an overview of how to install and use the Conjur CLI. It describes downloading and installing the CLI, initializing and configuring it by connecting to a Conjur server, and gives examples of common basic commands for listing, searching, and managing resources through the CLI.

    Original Description:

    Original Title

    CAU-03-Conjur_Fundamentals-ConjurCLI

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides an overview of how to install and use the Conjur CLI. It describes downloading and installing the CLI, initializing and configuring it by connecting to a Conjur server, and gives examples of common basic commands for listing, searching, and managing resources through the CLI.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views16 pages

    CAU 03 Conjur - Fundamentals ConjurCLI

    Uploaded by

    Wowantus
    The document provides an overview of how to install and use the Conjur CLI. It describes downloading and installing the CLI, initializing and configuring it by connecting to a Conjur server, and gives examples of common basic commands for listing, searching, and managing resources through the CLI.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Conjur CLI

    This lesson provides an overview on how to install


    and use the Conjur CLI (command-line interface).

    Upon completion of this lesson the participant will


    be able to:

    Lesson ► Learn how to install and use the Conjur CLI

    Objectives ► Learn basic command-line syntax of Conjur CLI

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    Installation:
    Conjur CLI

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    Conjur CLI v7.x System Requirements

    • Supported Operating Systems /


    Platforms
    – Windows 10 or later
    – Red Hat Enterprise 7,8
    – macOS Catalina or later

    • Supported Conjur Version


    – Conjur Enterprise v11.2.1 or later

    For more information:


    - Conjur CLI 4

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    Install Conjur CLI v7.x (RHEL)
    Uninstall earlier version (if necessary)

    1. Download Conjur CLI v7.x


    https://github.com/cyberark/cyberark-conjur-
    cli/releases

    2. Unzip Conjur CLI v7.x archive file


    sudo tar –xvf conjur-cli-rhel-7.tar.gz

    3. Give execute permissions to the conjur executable


    chmod +x conjur

    4. Copy / move Conjur CLI v7.x binary to desired path


    sudo cp conjur /usr/local/bin OR
    sudo mv conjur /usr/local/bin

    5. Verify Conjur CLI v7.x version


    conjur –version
    5
    6. Delete Conjur CLI v7.x archive
    sudo rm conjur-cli-rhel-7.tar.gz
    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
    cyberark.com
    Configure Conjur CLI v7.x (RHEL)

    • Initialize the Conjur CLI (need CA cert to be


    installed locally on machine)
    conjur init –-url
    https://<conjur_dns>

    • Alternatively - initialize the Conjur CLI


    (indicate the CA cert to be used)
    conjur init –url https://<conjur-dns>
    --ca-cert /<path>/<ca-certificate>

    • Authenticate to Conjur
    conjur login
    6

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    Uninstall Conjur CLI v7.x (RHEL)

    • Remove the Conjur CLI v7.x binary


    rm /usr/local/bin/conjur

    • Remove the environment PATH (optional)


    Edit $HOME/.bash_profile or
    $HOME/.bashrc

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    Conjur CLI:
    Basic Commands

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    • Powerful, robust command-line tools
    pre-packaged to support several
    platforms
    • Open Source and hosted via GitHub
    (https://github.com/cyberark/cyberark
    -conjur-cli)
    • Easy installation onto any system
    requiring administration access to
    Conjur
    • Use --help option to display
    command help

    COMMON USAGE
    • Policy Management
    • User & Host Management
    • Listing & Searching Resources
    • Secrets Management 9

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    conjur init Initialize Conjur configuration
    -u / --url Provide URL of Conjur server
    Optional - for Conjur Enterprise. Provide Conjur account name and overrides the value on
    -a / --account
    the Conjur Enterprise server
    Optional - use this option to provide Conjur server RootCA to the cli in case it is not already
    -c / --ca-cert
    trusted by this machine
    -s / --self-signed Optional - state if you want to work with self-signed certificate

    --force Optional - force overwrite of existing files

    -h / --help Display help screen and exit

    conjur login Log in to Conjur

    -i / --id Provide a login name to log into Conjur server

    -p / --password Provide a password or API key for the specified login name

    -h / --help Display help screen and exit


    10

    conjur logout Log out and delete local cache


    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
    cyberark.com
    conjur list List resources or information about resources within an organization's account
    -i / --inspect Optional - list the metadata for resources
    Optional - filter resources by specified kind (user | host | layer | group | policy | variable |
    -k / --kind
    webservice)
    -l / --limit Optional - limit list of resources to specified number
    -o / --offset Optional - skip specified number of resources
    Optional - retrieve list of resources that specified role is entitled to see (VALUE must include
    -r / --role
    resource's full identifier)
    -s / --search Optional - search for resources based on specified query
    Optional - retrieve list of direct members of a specified group/layer. Note: If more than one
    -m / --members-of
    resource in Conjur uses the same ID, VALUE must specify full resource identifier
    Optional - retrieve roles that have the specified privilege on the resource. Use '--privilege'
    -pr / --permitted-roles option to specify privilege. Note: If more than one resource in Conjur uses the same ID,
    specify full resource identifier
    -p / --privilege Use together with '--permitted-roles' option - specify the privilege you are querying
    -h / --help Display help screen and exit
    conjur host Manage hosts 11

    -rotate-api-key Rotate a host's API key


    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
    cyberark.com
    conjur user Manage users
    rotate-api-key Rotate a resource's API key
    change-password Change the password for the logged-in user
    conjur policy Manage policies
    load Load a policy and create resources
    -f / --file Provide policy file name
    -b / --branch Provide the policy branch name
    replace Fully replace an existing policy
    -f / --file Provide policy file name
    -b / --branch Provide the policy branch name
    update Update existing resources in policy or create new resources
    -f / --file Provide policy file name
    12

    -b / --branch Provide the policy branch name


    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
    cyberark.com
    conjur variable Manage variables

    get Get the value of one or more variables

    -i / --id VALUE Provide variable identifier

    --version VALUE (n) Optional - specify desired version of variable value

    set Set the value of a variable

    -i / --id VALUE Provide variable identifier

    -v / --value VALUE Set the value of the specified variable

    conjur whoami Print information about the current logged-in user

    conjur hostfactory Manage hosts and Host Factory tokens

    create Generate a Host Factory token for creating hosts, or create a host using a Host Factory token
    13

    revoke Revoke a Host Factory token and disable it immediately


    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com
    cyberark.com
    Summary

    14

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    cyberark.com
    In this session we discussed:

    • Conjur CLI installation

    • Conjur CLI basic commands

    Lab Section Exercise

    15

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com


    Thank You

    16

    Copyright © 2023 CyberArk Software Ltd. All rights reserved. cyberark.com

    You might also like