Enable the seed generation service

This topic describes how to define and load policy for the Conjur Server seed generation service which enables Followers to auto-enroll additional Followers for scalability.

To enable the seed generation service:

  1. Save the following policy as seed-generation.yml:

      
    ---
# =================================================
# == Register the seed generation service
# =================================================
- !policy
  id: conjur/seed-generation
  body:
  # This webservice represents the Seed service API
  - !webservice

  # Hosts that can generate seeds become members of the
  # `consumers` group.
  - !group consumers

  # Authorize `consumers` to request seeds
  - !permit
    role: !group consumers
    privilege: [ "execute" ]
    resource: !webservice

    This policy:

    • Creates a seed generation webservice.

    • Creates a consumers group that is authorized to use the webservice.

  2. Load the policy to root:

      
    $ conjur policy load -f seed-generation.yml -b root