Enable the seed generation service

This topic describes how to define and load policy for the Conjur Server seed generation service, which enables Followers to auto-enroll additional Followers for scalability.

To enable the seed generation service:
  1. Save the following policy as seed-generation.yml:

    # =================================================
    # == Register the seed generation service
    # =================================================
    - !policy
      id: conjur/seed-generation
      body:
        # This webservice represents the Seed service API
        - !webservice

        # Hosts that can generate seeds become members of the
        # `consumers` group.
        - !group consumers

        # Authorize `consumers` to request seeds
        - !permit
          role: !group consumers
          privilege: [ "execute" ]
          resource: !webservice

    This policy:

    • Creates a seed generation webservice.

    • Creates a consumers group that is authorized to use the webservice.

  2. Load the policy to root:

    $ conjur policy load -f seed-generation.yml -b root