

Role-based secrets management for modern cloud infrastructure
Conjur secures secrets and manages machine identities across cloud toolchains using policy-driven access control, REST APIs, and industry-standard cryptography.

Conjur is a secrets management platform designed for DevOps teams and security engineers managing modern cloud environments. It provides centralized control over secrets, credentials, and machine identities across IaaS, CI/CD pipelines, container orchestration, and configuration management tools.
At its core, Conjur uses Machine Authorization Markup Language (MAML), a role-based policy language that defines system components, privileges, and access rules. This declarative approach enables teams to version-control security policies alongside infrastructure code. The platform manages identity lifecycles for both humans and machines, issues signed authentication tokens, and enforces sophisticated permission models through a REST API.
Conjur encrypts secrets using AES-256-GCM and signs tokens with 2048-bit RSA keys via the Slosilo cryptography library, which has undergone professional security audits. The system runs in Docker containers with PostgreSQL as the data store, supports multi-tenant account isolation, and integrates throughout the cloud toolchain. Organizations can enable built-in authenticators and rotators or create custom extensions to fit specific workflows.
When teams consider CyberArk Conjur, these hosted platforms usually appear on the same shortlist.

Akeyless: Cloud-native SaaS platform for unified secrets management and machine identity security

Managed service for securely storing, retrieving, and rotating application secrets (credentials, API keys, etc.)

Cloud service for secure storage and management of cryptographic keys, secrets, and certificates
CI/CD Pipeline Secret Injection: Securely deliver database credentials and API keys to build agents without hardcoding secrets in repositories or environment variables.
Kubernetes Workload Authentication: Authenticate pods and containers using machine identities, then retrieve secrets based on role-based policies tied to service accounts.
Multi-Environment Access Control: Define separate policies for dev, staging, and production environments while maintaining centralized secret storage and rotation.
Automated Credential Rotation: Schedule regular rotation of database passwords and API tokens using built-in rotators, reducing the exposure window for compromised credentials.
If the master data key is lost, all encrypted data becomes permanently unrecoverable. The master data key must be securely backed up and protected, as it encrypts all secrets, API keys, and signing keys in the database.
Conjur is designed for Docker-based deployment with PostgreSQL. While it is technically possible to run it outside containers, the architecture and documentation assume containerized environments.
Conjur supports multiple isolated accounts within a single database. Each account has its own token-signing key and policy namespace, managed through the /accounts service with policy-controlled access.
Machine Authorization Markup Language is Conjur's declarative policy language for defining roles, resources, and permissions. It enables infrastructure-as-code practices for security policies with version control and peer review.
CyberArk provides a migration guide in the repository (design/MIGRATION.md) that documents the data migration process from the open-source version to Conjur Enterprise Edition.