Conjur 101 — Secrets Management with CyberArk Conjur Open Source
A comprehensive, hands-on course covering CyberArk Conjur Open Source from fundamentals to production-ready integrations. Learn how Conjur's policy-as-code RBAC model eliminates secrets sprawl, deploy Conjur with Docker Compose, drive it through the CLI v8 and REST API, model machine identity with declarative policy, manage and rotate secrets, authenticate workloads with JWT, Kubernetes, and AWS IAM, and deliver secrets to applications with Summon and the Secretless Broker, all on the self-hosted, open-source edition.
Course Preview
Why This Course is Different
Get everything you need to master platform engineering and advance your career
Certificate of Completion
Earn a certificate while gaining real-world skills that go beyond traditional certification prep
Hands-on Labs
9 practical labs with real-world scenarios in pre-configured cloud environments
Expert-Led
Learn from Sam Gabrail, Former HashiCorp Sr. Solutions Engineer with 18+ years experience
Community Support
Join our community where members help each other and collaborate on learning
What You'll Master
Explain the secrets sprawl problem and how Conjur OSS addresses it with machine identity
Describe Conjur's architecture (server, PostgreSQL, Nginx, REST API) and the OSS versus Enterprise boundary
Deploy Conjur OSS v1.24.0 with Docker Compose and create an account
Drive Conjur through the CLI v8 and the REST API
Model role-based access control declaratively with policy-as-code YAML
Store, version, organize, and batch-retrieve secrets
Configure authenticators including API key, JWT, OIDC, LDAP, Kubernetes, and AWS IAM
Integrate Conjur with Kubernetes using authn-k8s, the Secrets Provider, and ESO
Deliver secrets to applications with Summon and the Secretless Broker
Operate Conjur in production with auditing, rotation, backup, and health monitoring
Course Curriculum
SECTION 1 – COURSE INTRODUCTION
Course overview, what you will build, and how the hands-on labs work.
- •Community
- •Course Introduction and What You Will Build
- •Lab Environment Guide
SECTION 2 – INTRODUCTION TO CONJUR
The secrets sprawl problem, what Conjur OSS is, its architecture, and how it compares to alternatives.
- •The Secrets Sprawl Problem
- •What Is CyberArk Conjur?
- •Conjur Architecture
- •Conjur vs Vault vs Akeyless
- •Conjur Use Cases
- •The Conjur OSS Suite Components
- •Deploy Conjur OSS with Docker ComposeLab
- •Readiness Check: Conjur FundamentalsQuiz
SECTION 3 – GETTING STARTED — DOCKER, CLI, AND API
Deploy Conjur OSS with Docker Compose, install the CLI v8, and interact through the REST API.
- •Docker Compose Quickstart Deep-Dive
- •Installing and Initializing the Conjur CLI v8
- •Admin Login and the API Key Model
- •CLI Basics: list, whoami, and Resource IDs
- •The Conjur REST API: Authenticate, Token, Fetch
- •Client Libraries and SDKs Overview
- •Conjur CLI and REST APILab
- •Section 3 Quiz: Getting Started with Docker, CLI, and APIQuiz
SECTION 4 – POLICY AS CODE (RBAC MODEL)
The declarative YAML policy model that defines Conjur's role-based access control.
- •Why Policy as Code
- •Policy Entities: User, Host, Group, and Layer
- •Policy Entities: Policy, Variable, and Webservice
- •Permissions: Privileges and !permit
- •Permissions: !grant and Membership
- •Ownership and Policy Branches
- •Loading, Replacing, and Updating Policy Safely
- •Host Factory: Bulk Host Enrollment
- •Policy as Code with ConjurLab
- •Section 4 Quiz: Policy as Code (RBAC Model)Quiz
SECTION 5 – SECRETS MANAGEMENT
Storing, versioning, organizing, and retrieving secret values in Conjur OSS.
- •Variables and Secret Values
- •Secret Versioning and Retrieval
- •Batch Retrieval of Secrets
- •Organizing Secrets by Environment
- •Static vs Dynamic Secrets in Conjur OSS
- •Managing Secrets in ConjurLab
- •Section 5 Quiz: Secrets ManagementQuiz
SECTION 6 – AUTHENTICATION AND MACHINE IDENTITY
Conjur authenticators and how to design machine identity for workloads and humans.
- •Authenticators Overview and CONJUR_AUTHENTICATORS
- •API-Key Authentication (authn, the Default)
- •JWT Authentication (authn-jwt)
- •OIDC Authentication (authn-oidc) for Humans
- •LDAP Authentication (authn-ldap)
- •Host Identity and Rotation of Host API Keys
- •Designing Machine Identity
- •Authenticator Policy Patterns
- •JWT Authentication with ConjurLab
- •Section 6 Quiz: Authentication and Machine IdentityQuiz
SECTION 7 – KUBERNETES INTEGRATION
Authenticating pods with authn-k8s and delivering secrets via the Secrets Provider and ESO.
- •The Kubernetes Secrets Challenge
- •authn-k8s Architecture: How Conjur Verifies Pod Identity
- •Secrets Provider for Kubernetes: Init Container and Sidecar Modes
- •External Secrets Operator (ESO) with Conjur
- •Secretless Broker on Kubernetes (Overview)
- •Choosing a Kubernetes Pattern: Secrets Provider vs ESO vs Secretless
- •Kubernetes Authentication with ConjurLab
- •Section 7 Quiz: Kubernetes IntegrationQuiz
SECTION 8 – CLOUD AUTHENTICATORS
Cloud-native machine identity with authn-iam (AWS), and authn-azure and authn-gcp scenarios.
- •Cloud-Native Machine Identity
- •AWS IAM Authentication (authn-iam)
- •Azure Authentication (authn-azure): A Scenario
- •GCP Authentication (authn-gcp): A Scenario
- •Choosing and Securing Cloud Authenticators
- •AWS IAM Authentication with ConjurLab
- •Section 8 Quiz: Cloud AuthenticatorsQuiz
SECTION 9 – SECRET DELIVERY — SUMMON AND SECRETLESS
Delivering secrets to applications without them speaking the Conjur API directly.
- •The Secret-Injection Problem
- •Summon: Env-Var Injection at Process Launch
- •The Secretless Broker: Zero-Secret Apps
- •Secretless Connectors: Databases and HTTP
- •Decision Guide: Summon vs Secretless vs Secrets Provider
- •Secret Delivery with Summon and SecretlessLab
- •Section 9 Quiz: Secret Delivery (Summon and Secretless)Quiz
SECTION 10 – CI/CD INTEGRATION
Delivering secrets to CI/CD pipelines with GitHub Actions, Jenkins, and Ansible.
- •The CI/CD Secrets Problem
- •GitHub Actions with authn-jwt (OIDC Federation)
- •The Jenkins Conjur Plugin
- •The Ansible Conjur Lookup Plugin
- •Section 10 Quiz: CI/CD IntegrationQuiz
SECTION 11 – OPERATIONS — AUDIT, ROTATION, BACKUP, HA
Operating Conjur OSS in production: audit trail, rotation, backup, scaling, and health.
- •The Conjur Audit Trail
- •Secret and API-Key Rotation
- •Backup and Restore of Conjur OSS
- •High Availability and Scaling: OSS Limits vs Enterprise
- •Health, Monitoring, and Upgrade Basics
- •Audit and Rotation in ConjurLab
- •Section 11 Quiz: Operations (Audit, Rotation, Backup, HA)Quiz
SECTION 12 – CLOSING REMARKS
Next steps, the OSS to Enterprise upgrade path, community, and continued learning.
- •Next Steps and the OSS to Enterprise Upgrade Path
- •Community and Continued Learning
Course Features
Hands-on Labs
Lots of hands-on labs to learn by doing
Join our Community
Community support to ask questions and collaborate
Test Your Knowledge
Quizzes to help you grasp the material well
See what others are saying about our Courses
“I like the Crossplane 101 course a lot. I think it is one of the best online courses I have taken (and I've taken a lot in the last 2 years, transitioning into DevOps). The labs are phenomenal – every task has a long tutorial with lots of explanations, gotchas, and recaps, and you always provide the reasoning for implementing a certain solution.”
“I just completed the Crossplane 101 course! Managing infrastructure as Kubernetes resources is a total game-changer. A huge thanks to TeKanAid and Sam Gabrail for the incredible training and insights.”
“Although I've worked with Crossplane in real production environments, I always felt there were gaps in my understanding. Completing this course filled those gaps perfectly. I had to unlearn and relearn quite a few things, especially around Crossplane v2.0 concepts. Well structured and thoughtfully put together. Highly recommended for building a strong, foundational understanding of Crossplane.”
“Dear Sam, I hope this email finds you well. If you remember before the end of last year I register for one your courses Terraform 101 – Certified Terraform Associate, I must admit that I learned a lot even though I was not patient enough for all videos to be available. All in all I enjoy the way you structured the course and how you went through it. The main reason of this email, to send you my gratitude for the content you created and to let you know that I passed my exam/test last week.”
“This course was a perfect introduction to Terraform and Infrastructure as Code. Loved the gitpod, saving me a lot of time for developer environment setup. We have a project at work where we want to go from a click-ops version of server-deploy to a more automated flow using ci/cd and terraform for deploying virtual servers.”
“I want to thank you for such wonderful courses. They are more comprehensive than other courses I have taken in the past. You take the time to explain every detail of the code and what it does exactly, further enforcing your student's understanding and confidence in what they are learning. Your methods are very effective and set you apart from other instructors.”
Choose your plan
Simple, Transparent Pricing
Unlock full access to TeKanAid courses, labs, and bootcamps
Pro
Course content without labs
Renews automatically. Cancel anytime.
Final price verified at checkout.
- Full access to all courses
- Progress tracking
- Certificate of completion
- Community access
- Bootcamp participation
- New content access
Premium
Full access with hands-on labs
Renews automatically. Cancel anytime.
Final price verified at checkout.
- Everything in Pro
- Unlimited hands-on labs
- Lab AI Assistant
- Accelerator bootcamps with live office hours
- Priority support
Prefer just this course?
Purchase Conjur 101 — Secrets Management with CyberArk Conjur Open Source for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.
Buy this course for $79 →Try it free, no credit card
Three free ways to start. All bridge into the paid Premium catalog when you're ready.
Not ready to commit? The crash course is email-only. No academy account required.
Hi there, I'm Sam
I'm a husband and father of two wonderful boys. I'm also very passionate 🔥 about all things technology. From when I was 10, I had a dream to become a computer 💻 engineer one day. Here I am today living the dream!
Thanks for visiting TeKanAid Academy. My goal is to teach you all things DevOps. Below are some of the things I've done over the years. I'm confident that I can help you achieve your dreams too.
- 18+ years of experience in various Information Technology fields from Telecommunications, Computer Networks, Digital Transformation, DevOps, Cybersecurity, and IoT
- President of TeKanAid Solutions Inc. building online content in the DevOps space
- Previous – Sr. Solutions Engineer at HashiCorp
View my Certifications
Terraform: Authorized HashiCorp Instructor
Verify my certificate
HashiCorp Authorized Instructors are experienced DevOps professionals who deliver official HashiCorp training courses in person and virtually.
Issued by HashiCorp Partner Network (HPN)
Vault: Authorized HashiCorp Instructor
Verify my certificate
HashiCorp Authorized Instructors are experienced DevOps professionals who deliver official HashiCorp training courses in person and virtually.
Issued by HashiCorp Partner Network (HPN)
HashiCorp Certified: Terraform Associate (002)
Verify my certificate
Earners of the HashiCorp Certified: Terraform Associate certification know the basic concepts, skills, and use cases associated with open source HashiCorp Terraform.
Issued by HashiCorp
HashiCorp Certified: Vault Associate (002)
Verify my certificate
Earners of the HashiCorp Certified: Vault Associate certification know the basic concepts, skills, and use cases associated with open source HashiCorp Vault.
Issued by HashiCorp
Featured Products
Week 4: AI Agents and Agentic Workflows
Part of the AI Platform Engineering Bootcamp. Week 4 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
Week 1: AI Foundations for Infrastructure Engineers
Part of the AI Platform Engineering Bootcamp. Week 1 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
Week 7: AI Observability and LLMOps
Part of the AI Platform Engineering Bootcamp. Week 7 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
30-Day Money-Back Guarantee
Try it risk-free
I'm confident you'll get everything you need from this course and be 100% satisfied. But in the unlikely event you decide it's not for you just ask for a refund any time during the first 30 days and you'll get your money back with no questions asked.