Integrating Conjur with supported Kubernetes-based implementations, such as Red Hat OpenShift, GKE, and EKS, enables applications running on your Kubernetes platform to retrieve secrets stored in Conjur securely, without ever exposing the secrets to third parties.


Supported Kubernetes-based environments

The following Kubernetes-based environments are supported:





v4.6 EUS, v4.8, v4.9, v4.10 with an internal Docker registry

Support for OpenShift v3.11 and v4.7 has been officially deprecated and is no longer validated by CyberArk.

v4.8, v4.9, v4.10 with an internal Docker registry

Google Kubernetes Engine (GKE)

All GKE supported versions


Other Kubernetes environments



What does the integration provide?

The Conjur - Kubernetes integration provides the following:

  • End-to-end encryption of secrets through mutual TLS (certificate-based authentication only)

  • Robust authentication and authorization incorporating security policy, signed certificates (certificate-based authentication only), and native Conjur authenticators:

    • Kubernetes Authenticator for certificate-based authentication

    • JWT Authenticator for JWT-based authentication

  • Security policy provides separation of duties, letting your security teams control container access while development teams define application requirements

  • Deployment of applications across environments and Pods

  • Secret rotation and centralized auditing

  • Scalability and performance advantages of the Conjur Leader-Follower architecture: Followers handle read-only activity for clients, and automatic scale-up is achieved through the auto-enrollment of Followers as needed