New Conjur CLI v4.29.0 Release
February 11, 2016 | DevOps | Dustin Collins
Earlier this week we released a new version of the Conjur CLI. You can download it now from the Conjur developer site.
Conjur CLI v4.29.0 contains many new features and bugfixes. This update takes advantage of several new features in Conjur v4.6.0, also released this week.
Here are the highlights:
Rotate API keys more easily
User and host API keys can now be rotated from the CLI. You no longer need access to a Conjur server to refresh API keys or reset user passwords. New API keys are randomly generated.
$ conjur user rotate_api_key --user vincent.cruz
$ conjur host rotate_api_key --host prod/redis/redis004
Set expiration timestamps on variables
Variables can now be set to expire. Once a variable has expired, it can no longer be used and a new value must be added. All expiration events are recorded in the audit log. This feature requires Conjur v4.6.0 or newer.
$ conjur variable expire --days 90 prod/docker-registry/ssl-cert
# Show me the variables that expire within the next 100 days
$ conjur variable expirations --days 100
Whitelist access to Conjur by IP range
User and host access to Conjur can now be restricted by one or more CIDR ranges. In short, if you set an IP range for a user or host, they can only contact your Conjur environment from that range. CIDR limiting also works with host factory tokens, making them more secure.
# Restrict user access by company subnet
$ conjur user update --cidr 2126.96.36.199/32 vincent.cruz
# Restrict host access by VPC subnet
$ conjur host update --cidr 10.10.1.0/32 prod/redis/redis004
# Restrict host factory token usage by VPC subnet
$ conjur hostfactory tokens create --cidr 10.10.1.0/32 prod/redis-factory
Check server health and version info
You can now check the health of any node in your Conjur environment from the CLI (and API). Conjur service version information is now available as well.
# Checking the health of the Conjur master
$ conjur server health
# View the installed version of the CLI and Conjur server
$ conjur version
Conjur client version 4.29.0
Conjur appliance version: 4.6.0-200-g84ad06c
Conjur service versions:
Download the new CLI, try it out, and let us know what you think!