CyberArk Conjur is a security service that integrates with Pivotal Cloud Foundry (PCF) and other popular tools to provide data encryption, identity management for humans and machines, and role-based access control for sensitive secrets like passwords, SSH keys, and web services. Conjur centrally manages secrets throughout the PCF application lifecycle.
Easily Deploy Application Layer Security
Secrets managed by CyberArk Conjur are delivered securely to applications running in Pivotal Cloud Foundry.
No Developer Workflow Disruption
Conjur integrates into the PCF environment and the developer workflow without impeding developers.
Secure Your Applications on PCF
Policy-based secrets management ensures application security. Integrates with CyberArk Enterprise Password Vault to provide end-to-end secrets management.
CyberArk is a leading security company that proactively stops the most advanced cyber threats—those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to protect against cyber threats before attacks can escalate and do irreparable business damage.
Option to broker a connection to a service running external to Pivotal Cloud Foundry.
Option to create and destroy the service instance on demand as required.
Version choice. Operators can let developers choose between multiple versions of the software when creating an instance.
The service is documented with instructions for setup and operation.
Encryption at rest. Stored data is encrypted.
Encryption in motion. Data transmitted between app and service is encrypted.
Supports high availability against internal service failures to minimize downtime for bound applications.
Multi-Availability Zone support. Make use of multiple availability zones in cloud deployments to support failover.
Get visibility into details of service operation through standard monitoring and logging tools for products and Pivotal Cloud Foundry.
Developers have control over when to upgrade to new versions, subject to policies set by operators, so that app modifications and downtime can be managed.
Available as an extension to the standard buildpacks.
The buildpack is documented with instructions for setup and operation.
“Working with Pivotal Cloud Foundry is an important step in helping organizations progress their digital transformation strategies with strong security controls that reduce risk. The integration of PCF with the CyberArk Conjur secrets management solution helps ensure that vitally important security functions within PCF are protected with consistent least privilege and security policy enforcement for next-generation applications, while making it easy for the development teams to do their jobs without exposing vulnerabilities that could be exploited by attackers.”
Adam Bosnian, EVP, Global Business Development, CyberArk
To integrate with Pivotal Cloud Foundry (PCF), Conjur maintains the CyberArk Conjur Service Broker for PCF tile on the Pivotal Network. The service broker provides the interface between PCF applications and an existing Conjur appliance.
The integration with PCF provides a unique machine identity to each application running in a PCF space. These identities are added as hosts to Conjur policy files. You can manage secrets, roles, and privileges for the PCF applications the same way you would for other hosts.
This implementation obtains the specified secrets from Conjur and injects them into the environment of the running application.