Lesson 5: Create an identity for your workload

In this lesson, you will learn how to create and identity in Conjur Cloud for your workload.

Workloads are any non-human users in your environment. You create a workload identity by defining it in a Conjur Cloud policy object called a host.

Each host can be created with different attributes based on:

  • the type of workload

  • the method of authentication used by the workload

To create a simple host that authenticates using an API key:

This task assumes you are logged in to the Conjur Cloud CLI as a Conjur Cloud admin user.

  1. Create a policy for the host:

    - !host
  id: <host name>
  annotations:
    authn/api-key: true

  2. Save the policy as myapp-host.yaml.

  3. Load the policy file into the data policy branch:

    $ conjur policy load -b data -f myapp-host.yaml

    The policy is loaded and an API key is returned.

  4. Copy the API key. You will need this key when you authenticate myapp to Conjur Cloud.

    Save the API key securely as a Privilege Cloud account.

Lesson 6: Grant the workload permissions on secrets

In this lesson you learned how to set up authentication for your application using the Conjur Cloud's Default Authenticator. For additional supported authentication methods, see Supported authentication methodsSupported Conjur Cloud authenticators.