Conjur 4.9 – Full Puppet Integration


March 10, 2017 | DevOps | Dustin Collins

Today we are proud to announce the general availability of Conjur 4.9! Conjur helps organizations large and small manage the security risk of delivering apps to the cloud by securing the Continuous Delivery pipeline. To that end, Conjur provides first-class integrations with the tools most often used to construct these pipelines.

Puppet integration

Conjur 4.9 provides a complete integration with Puppet, a configuration management platform that enables organizations to operate their infrastructure with more agility and confidence. Conjur’s Puppet integration consists of two parts: an official Puppet module and Puppet annotation support in the Conjur UI.

Puppet module

Version 1.0 of the official Conjur Puppet module is now available on the Puppet Forge.

This module simplifies the operation of establishing Conjur host identity and allows authorized Puppet nodes to fetch secrets from Conjur. Compared to solutions like hiera-eyaml, our Puppet module is simpler to use and provides more visibility and flexibility for Puppet secrets workflows. 

Highlights for Conjur’s Puppet integration include:

  • Secrets are never exposed to the Puppet master.
  • Node identity is established with Host Factory tokens. This avoids the need to deploy decryption keys to Puppet nodes before converge.
  • The module works with or without a Puppet master.
  • Every attempt to access a secret is recorded to Conjur’s immutable audit log.
  • Sensitive data type is supported for Puppet agents 4.6 and higher. This makes it easier to keep sensitive information out of Puppet logs.

See the Puppet Forge page for the module for complete instructions and examples.

Our Puppet module is open source and hosted on GitHub:

Conjur UI

The Conjur UI has been enhanced to make it easier to view and manage hosts maintained with Puppet. The Conjur Puppet module automatically applies a “puppet” annotation to any host created with a Host Factory token. Puppet hosts can now be distinguished at a glance in the Conjur UI by a prepended Puppet icon.

Additionally, any role or resource annotated with “puppet” can now be found by using the search bar in the Conjur UI. This makes it much easier to view and run security reports on the identities and secrets used by Puppet in any environment.


Please see the full 4.9.0 release notes for more details and the full list of changes in this release.
Contact us for release access and upgrade instructions, or if you have any questions. We hope you enjoy this new release of Conjur!




Keep up-to-date on security best practices, events and webinars.

Share This