Contact Us
Conjur

Conjur

CyberArk Conjur excels in secure secrets management for DevOps.

Basic Information

CyberArk Conjur is an enterprise secrets manager designed to securely store, manage, and control access to sensitive credentials, API keys, certificates, and other secrets used in DevOps, cloud-native applications, and automation workflows.

  • Model: Conjur Enterprise (Self-Hosted) and Conjur Open Source (OSS). A SaaS version, CyberArk Secrets Manager, SaaS, is also available.
  • Latest Stable Version: Conjur Enterprise v13.7 (as of November 2025). Conjur OSS v1.21.1 (as of June 2024).
  • Release Date: Conjur Enterprise v13.1 was released in November 2023. Conjur OSS v1.19.5 was released on June 29, 2023.
  • Minimum Requirements:
    • Test/Development Environment: 2 cores, 4 GB RAM, 20 GB hard drive.
    • Production Environment: 4 cores, 8 GB RAM, 50 GB hard drive.
  • Supported Operating Systems: Host server should run an OS supported by the container runtime, typically RHEL Server, RHEL-based, or Ubuntu Server LTS. Conjur Enterprise supports Mirantis Container Runtime (MCR) on RHEL 8.x and 9.x, and Podman 3.x and 4.x on RHEL 8.x and 9.x.
  • End of Support Date: Not explicitly stated in public documentation; generally follows CyberArk's product lifecycle policies.
  • End of Life Date: Not explicitly stated in public documentation; generally follows CyberArk's product lifecycle policies.
  • Auto-update Expiration Date: Not explicitly stated.
  • License Type: Available in both Enterprise (commercial) and Open Source (OSS) versions.
  • Deployment Model: On-premises, cloud (AWS, Azure, other cloud providers with similar instance types), and multi-cloud/hybrid environments. Deployed as a containerized application (Docker, Podman).

Technical Requirements

CyberArk Conjur can be deployed in various environments, with specific requirements for development and production.

  • RAM:
    • Development: 4 GB.
    • Production: 16 GB.
  • Processor:
    • Development: 2 core x86_64 processors.
    • Production: 4 core x86_64 processors.
  • Storage:
    • Development: 20 GB disk space.
    • Production: 50 GB disk space. For auto-failover in production, a local high-performance SSD is required.
  • Display: Not a primary requirement for server deployment; managed via CLI or web interface.
  • Ports: Specific ports for communication between Conjur components (Leader, Followers) and integrated tools.
  • Operating System: Host OS supporting container runtimes like RHEL 8.x/9.x or Ubuntu Server LTS.

Analysis of Technical Requirements

Conjur's technical requirements are moderate for development and scale up for production environments, emphasizing stability and performance for enterprise-grade secrets management. The reliance on container runtimes like Docker and Podman provides flexibility in deployment across various Linux distributions. The distinction between development and production requirements allows for efficient resource allocation based on the deployment's criticality. Cloud deployment recommendations are provided for AWS, with similar instance types suggested for other cloud providers, indicating cloud-agnostic design principles.

Support & Compatibility

CyberArk Conjur offers extensive support and compatibility with various platforms and tools, crucial for DevOps and cloud-native environments.

  • Latest Version: Conjur Enterprise v13.7 and Conjur OSS v1.21.1.
  • OS Support: Host operating systems supporting Docker 1.13+ (or Mirantis Container Runtime 19.x, 20.10 on RHEL 8.x/9.x) and Podman 3.x/4.x on RHEL 8.x/9.x.
  • End of Support Date: Not publicly specified, typically aligned with CyberArk's product lifecycle.
  • Localization: Not explicitly detailed in public documentation, but enterprise solutions generally offer multi-language support.
  • Available Drivers: SDKs and APIs are available for Java, Go, Ruby, and .NET.

Analysis of Overall Support & Compatibility Status

CyberArk Conjur demonstrates strong compatibility with modern DevOps and cloud-native ecosystems, integrating with tools like Kubernetes, Ansible, Jenkins, Terraform, AWS, and Azure. The availability of SDKs for multiple programming languages facilitates integration into diverse development environments. CyberArk provides professional services and support, which is highly praised by users. The continuous updates, such as the recent Conjur Enterprise v13.1 update to Ubuntu 22.04.3 LTS and PostgreSQL 15.4, indicate active maintenance and improvement. While specific end-of-support dates are not readily available, the consistent release cycle and dedicated support suggest a robust and well-supported product.

Security Status

CyberArk Conjur is designed as a secrets management solution with a strong focus on security, offering various features to protect sensitive information.

  • Security Features:
    • Secrets Management: Securely stores credentials, API keys, and certificates in a centralized, encrypted vault.
    • Role-Based Access Control (RBAC): Implements least-privilege access with policy-based role management.
    • Machine Identity Authentication: Verifies and authenticates machine identities, applications, and services.
    • Dynamic Secret Injection: Supports dynamic secret generation for databases and other services, reducing secret exposure.
    • Audit & Compliance: Provides detailed logs for compliance reporting and security audits.
    • Encryption Support: Uses industry-standard cryptography to protect data, with API keys and signing keys stored encrypted in the database.
    • Secretless Broker: Enables applications to connect securely without fetching or managing secrets directly.
  • Known Vulnerabilities: Several vulnerabilities were patched in 2025, including critical ones allowing unauthenticated remote code execution, IAM authentication bypass, privilege escalation, and information disclosure. These are tracked as CVE-2025-49827, CVE-2025-49831, CVE-2025-49828, CVE-2025-49830, and CVE-2025-49829.
  • Blacklist Status: No indication of a general "blacklist status" in public information.
  • Certifications: Not explicitly detailed in public documentation, but compliance features are highlighted.
  • Encryption Support: Conjur uses industry-standard cryptography, storing sensitive data like API keys and signing keys encrypted in its database.
  • Authentication Methods: Supports various authenticators, including OIDC, and allows for custom authenticators.
  • General Recommendations: Promptly apply patches for known vulnerabilities. Implement robust security policies and leverage features like RBAC and dynamic secret injection.

Analysis on the Overall Security Rating

CyberArk Conjur is built with strong security foundations, offering essential features like secrets management, RBAC, and auditing. The recent discovery and patching of several critical vulnerabilities (CVE-2025-49827, CVE-2025-49831, CVE-2025-49828, CVE-2025-49830, CVE-2025-49829) highlight the importance of timely updates and continuous security vigilance. CyberArk's prompt response and provision of patches demonstrate a commitment to addressing security concerns. The platform's support for encryption and various authentication methods further strengthens its security posture. Overall, Conjur provides a robust security framework for secrets management, but like all complex software, requires diligent patching and adherence to security best practices.

Performance & Benchmarks

CyberArk Conjur is designed for scalability and performance, particularly in high-availability and distributed environments.

  • Benchmark Scores: Performance tests measure secret retrieval and write operations. For Conjur Enterprise v13.3, benchmarks involve configurations with Leader, Appliance Follower, and Kubernetes Follower.
  • Real-world Performance Metrics:
    • Tested with 50 virtual users for 10 minutes, concurrently reading data from different Safes.
    • Write operations tested with a single virtual user for policy loading and 20 virtual users for secret setting.
    • Average response times are collected across various configurations.
  • Power Consumption: Not explicitly detailed in public benchmarks, but resource requirements (CPU, RAM) provide an indication.
  • Carbon Footprint: Not explicitly detailed.
  • Comparison with Similar Assets:
    • HashiCorp Vault: Both offer centralized secrets management and policy-based access. Conjur is often seen as more user-friendly with better policy, user, and role management, and superior quality of support. Vault is noted for its flexibility in multi-cloud environments and strong automated provisioning. Conjur may have issues handling millions of secrets and thousands of fetches per second without performance bottlenecks, while Vault scales well for high throughput.
    • CyberArk Privileged Access Manager (PAM): Conjur excels in "Anomaly Detection" and "Multi-Factor Authentication" (9.6 score), while PAM has a slightly higher "Password Vault" score (9.7). Conjur's "Centralized Management" is highly rated (9.5).

Analysis of the Overall Performance Status

Conjur's architecture, with Leader and Follower components, supports high availability and scalability, allowing distribution across zones and multi-cloud environments to minimize latency. While designed to be highly scalable, some comparisons suggest potential performance bottlenecks when handling extremely large volumes of secrets and high request rates. Recent updates, such as the PostgreSQL upgrade in Conjur 13.1, aim to improve performance and resilience. Benchmarking focuses on secret retrieval and write operations, providing insights into its operational efficiency. The performance is generally considered robust for enterprise use cases, especially in DevOps secret management.

User Reviews & Feedback

User reviews and feedback for CyberArk Conjur highlight its strengths in secrets management and ease of use, while also pointing out areas for improvement in user interface and initial navigation.

  • Strengths:
    • User-Friendly: Many users find Conjur to be a user-friendly tool with simple management of secrets.
    • Robust and Efficient: Praised as a robust and efficient solution for DevOps secret management, particularly in cloud-native domains.
    • Excellent Tech Support and Documentation: CyberArk's tech support is highly regarded, and the available documentation is appreciated.
    • Centralized Management and Audit Trails: Effective for oversight of security policies and comprehensive logging for compliance.
    • Rock Solid: Described as "rock solid" with rare faults, and auto-failover clusters maintain service availability.
  • Weaknesses:
    • Initial Confusion: Some users found Conjur confusing to navigate at first, requiring time to explore functionalities.
    • User Interface: Feedback suggests the user interface could be more attractive and user-friendly, with some finding it "boring" or "unpleasant."
    • API Complexity: The API for accessing and managing authentication tokens is sometimes described as not intuitive or complicated.
    • Sync Performance with Large Volumes: In large environments, there can be a delay with Conjur sync, which can impact highly available systems.
  • Recommended Use Cases:
    • Securing and managing secrets (passwords, keys, certificates) in DevOps, cloud-native applications, and automation workflows.
    • Implementing role-based access control for sensitive information.
    • Integration with CI/CD tools like Kubernetes, Ansible, Jenkins, and Terraform.
    • Organizations already using CyberArk products that need a solution for containerized environments with high compliance and audit requirements.

Summary

CyberArk Conjur is a comprehensive secrets management solution tailored for modern DevOps, cloud-native, and automated environments. It excels in securely storing, managing, and controlling access to sensitive credentials through a centralized, encrypted vault. Key strengths include robust Role-Based Access Control (RBAC), machine identity authentication, dynamic secret injection, and detailed audit capabilities, all crucial for maintaining compliance and security posture.

The asset is highly compatible with a wide array of DevOps tools and container platforms, offering SDKs for popular programming languages to facilitate integration. Its architecture supports high availability and scalability, with deployment options spanning on-premises, cloud, and hybrid environments. User feedback generally praises its user-friendliness, efficiency in DevOps secret management, and the quality of CyberArk's technical support and documentation.

However, Conjur is not without its weaknesses. Some users report an initial learning curve and find the user interface less intuitive or aesthetically pleasing. The API for authentication token management can also be complex. Performance with extremely large volumes of secrets and high-frequency sync operations can sometimes introduce delays. Furthermore, recent critical vulnerabilities, though promptly patched by CyberArk, underscore the ongoing need for diligent security updates and management.

In comparison to similar assets like HashiCorp Vault, Conjur is often highlighted for its superior policy, user, and role management, and ease of use, while Vault may offer more flexibility in multi-cloud scenarios. Conjur is particularly recommended for organizations deeply invested in the CyberArk ecosystem or those prioritizing strong compliance and audit requirements within containerized environments.

Overall, CyberArk Conjur is a powerful and reliable solution for enterprise secrets management, providing essential security controls for dynamic IT landscapes. Its strengths in core secrets management, integration, and support make it a strong contender, provided organizations are prepared to manage its interface nuances and stay current with security patches.

The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.

Simplify your IT ecosystem with InvGate Asset Management

30-day free trial - No credit card needed

Get started

Clear pricing

No surprises, no hidden fees — just clear, upfront pricing that fits your needs.

View Pricing

Easy migration

Our team ensures your transition to InvGate is fast, smooth, and hassle-free.

View Customer Experience