This lab is currently in Beta, content may be updated as we refine the material
LABINTERMEDIATE

Secret Delivery with Summon and Secretless

Inject a Conjur secret into an app at process launch with Summon, then front a PostgreSQL connection with the Secretless Broker so the app holds no credential at all.

45 minutes
Secret Delivery with Summon and Secretless - Platform Engineering Hands-On Lab Icon
Share this Lab

Lab Overview

In this lab you deliver Conjur-managed secrets to applications two different ways, without the app ever speaking the Conjur API itself. First you store a database password in Conjur and give a machine identity (Conjur host) permission to read it. Then you use Summon to inject that secret as an environment variable at process launch, so it lives only in the process memory and is never written to disk. Finally you stand up the Secretless Broker with a PostgreSQL connector, so a client connects to the database through a local proxy and the application holds no credential whatsoever. You finish by proving zero-secret operation: the app config and environment contain no raw password, yet the connection still works.

What You'll Learn

Store an application secret in Conjur and grant a machine identity (host) permission to read it

Configure Summon with a secrets.yml that maps environment variables to Conjur variable ids

Launch an application via summon so secrets are injected at process launch and never hit disk

Stand up the Secretless Broker with a PostgreSQL connector so the app holds no credential

Prove zero-secret operation by inspecting the app environment and connecting through Secretless

Prerequisites

Completion of the Conjur OSS deployment and policy-as-code labs (or equivalent knowledge)

Basic Linux command-line familiarity

Basic understanding of environment variables and PostgreSQL connection strings

Technologies Covered

conjurcyberarksecrets-managementsummonsecretless-brokermachine-identityintermediate

Choose your plan

Simple, Transparent Pricing

Unlock full access to TeKanAid courses, labs, and bootcamps

Buying for a team? Private corporate training is available for up to 15 learners.View team training
MonthlyQuarterly
Try Premium free for 7 days →

Just exploring? Start free below. Want the full experience? Try Premium free for 7 days (card required, $0 today).

Pro

All courses, with lab scripts to run on your own machine

$59/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Full access to all courses
  • Lab scripts to download and run on your own machine (hosted labs not included)
  • Progress tracking
  • Certificate of completion
  • Community access
  • Bootcamp participation
  • New content access
Recommended

Premium

Full access, including unlimited hosted labs

$99/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Everything in Pro
  • Unlimited hands-on labs, fully hosted on TeKanAid Academy (nothing to set up)
  • Lab AI Assistant
  • Accelerator bootcamps with live office hours
  • Priority support
Get Access Now

Prefer a single course?

Purchase individual courses for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.

Browse Courses

Just exploring? Start free, no account needed

Three free ways to start. All bridge into the paid Premium catalog when you're ready.

▶ Start with free courses and labs🧩 Solve your first free puzzle📧 Get the free email crash course

Not ready to commit? The crash course is email-only. No academy account required.

Ready to Get Started?

Start this hands-on lab and build real-world Platform Engineering skills

Get Access Now