Fetch secrets
This topic describes how an application can fetch secrets from Conjur Cloud.
Conjur Cloud secrets
Privilege Cloud accounts sync to Conjur Cloud. Each Privilege Cloud account contains a password and possibly other sensitive data.
When the Privilege Cloud Safe containing the account syncs to Conjur Cloud, the account details are stored in Conjur Cloud as secrets in variable resources.
For more information, see Privilege Cloud Safe and account representation in Conjur Cloud.
Grant application permission on secrets
To fetch secrets, your application must have execute permissions on those secrets in Conjur Cloud.
When a Safe is synced from Privilege Cloud, a group called consumers is created for that Safe. Members of the consumers group have read and execute permissions on the secrets synced from the Safe.
To give your application permission to fetch secrets, you need to add its app ID in Conjur Cloud (the host) to the consumers group.
To grant your application permission to fetch secrets, see Grant permissions on secrets.
Fetch secrets
Your application must first be granted execute permissions on the secrets it needs to fetch. For details, see Grant application permission on secrets.
Your application can fetch secrets using any of the following methods:
Method | Description |
---|---|
REST API | Fetch secrets by calling a REST API. For details, see Retrieve a Secret. |
Conjur Cloud CLI | Fetch secrets using the variable get command. |
API client libraries | Fetch secrets using any of the following API client libraries: |
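The REST method, sketched as an added example (not code from the Conjur Cloud documentation): it authenticates a host with an API key, fetches one variable, and maps a 403 response back to the consumers-group requirement described above. Assumptions: the endpoint paths follow the Conjur REST API authenticate and retrieve-secret calls, the account name is "conjur", and the base URL, host ID and variable ID are supplied by the caller.

```python
import urllib.error
import urllib.parse
import urllib.request

ACCOUNT = "conjur"  # assumption: Conjur Cloud tenants use the account name "conjur"


def encode_id(identifier: str) -> str:
    # Conjur identifiers contain "/", which must be percent-encoded in the URL path.
    return urllib.parse.quote(identifier, safe="")


def authn_request(base_url: str, host_id: str, api_key: str) -> urllib.request.Request:
    """Build the API-key authentication call for the application's host identity."""
    url = f"{base_url}/authn/{ACCOUNT}/{encode_id(host_id)}/authenticate"
    return urllib.request.Request(url, data=api_key.encode(), method="POST",
                                  headers={"Accept-Encoding": "base64"})


def secret_request(base_url: str, variable_id: str, token_b64: str) -> urllib.request.Request:
    """Build the retrieval call; the short-lived token goes in the Authorization header."""
    url = f"{base_url}/secrets/{ACCOUNT}/variable/{encode_id(variable_id)}"
    return urllib.request.Request(url, headers={"Authorization": f'Token token="{token_b64}"'})


def explain_status(code: int) -> str:
    """Map an HTTP failure to its likely cause on the Conjur Cloud side."""
    return {
        401: "authentication failed: check the host ID and API key",
        403: "host lacks execute permission: add it to the Safe's consumers group",
        404: "variable not found or has no value: check the ID and that the Safe has synced",
    }.get(code, f"unexpected HTTP status {code}")


def fetch_secret(base_url: str, host_id: str, api_key: str, variable_id: str) -> bytes:
    """Authenticate, then fetch. Never log the API key, the token or the returned value."""
    try:
        with urllib.request.urlopen(authn_request(base_url, host_id, api_key), timeout=10) as r:
            token = r.read().decode().strip()
        with urllib.request.urlopen(secret_request(base_url, variable_id, token), timeout=10) as r:
            return r.read()
    except urllib.error.HTTPError as exc:
        raise RuntimeError(explain_status(exc.code)) from exc
```

Keep the API key out of source control and process arguments; pass it from the environment or a mounted file.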
Fetch secrets locally or offline
You can set up multiple Conjur Cloud Edge instances to access secrets locally or offline. For details, see Conjur Cloud Edge: Local access to secrets.
View secrets
To view a list of secrets in Conjur Cloud, go to the Resources page and filter by Secrets.
Conjur Cloud admins only: Go to the Usage page to see how many secrets you have in your tenant. To see a list of the secrets, click the Secrets tile.