Enable the seed generation service
This topic describes how to define and load policy for the Conjur Server seed generation service, which enables Followers to auto-enroll additional Followers for scalability.
- Save the following policy as seed-generation.yml:

      ---
      # =================================================
      # == Register the seed generation service
      # =================================================
      - !policy
        id: conjur/seed-generation
        body:
          # This webservice represents the Seed service API
          - !webservice

          # Hosts that can generate seeds become members of the
          # `consumers` group.
          - !group consumers

          # Authorize `consumers` to request seeds
          - !permit
            role: !group consumers
            privilege: [ "execute" ]
            resource: !webservice
  This policy:

  - Creates a seed generation webservice.
  - Creates a consumers group that is authorized to use the webservice.
- Load the policy to root:

      $ conjur policy load -f seed-generation.yml -b root
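
The policy above creates the consumers group but adds no members to it, so no host can request seeds yet. The following added example (not part of the original topic) shows a policy that grants one host that membership; the host id seed-requester-01 is a hypothetical placeholder, and the policy is assumed to be loaded to root like the one above.

```yaml
---
# Added example, not from the original topic.
# `seed-requester-01` is a hypothetical host id; substitute the
# identity of the host that should be allowed to request seeds.
- !host seed-requester-01

# Membership in `consumers` is what carries the `execute` privilege
# on the seed generation webservice. Because the group is defined
# inside the `conjur/seed-generation` policy, its full id from root
# is `conjur/seed-generation/consumers`.
- !grant
  role: !group conjur/seed-generation/consumers
  member: !host seed-requester-01
```

Keep membership of this group limited to the hosts that actually need to enroll Followers, since the group is the only authorization check on the seed service.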