To configure an agentless connection using Conjur secrets, the username and secret (password or key) must both be stored in Conjur. Their location in the Conjur policy is up to the Conjur administrator.
With Conjur, service users for API access are called hosts. We recommend that you create a host dedicated to Cyberwatch and give it read-only access to only the secrets it needs.
If your infrastructure is segmented, you may create one host per segment, each with restricted permissions, and register each host individually.
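The recommendation above can be expressed as a Conjur policy with one dedicated host per segment, each able to fetch only its own secrets. This is an added example, not Cyberwatch's or CyberArk's own policy; every id in it (`cyberwatch`, `dmz`, `internal`, `scanner`, the variable names) is hypothetical.

```yaml
# Constructed example: all policy, host and variable ids are hypothetical.
- !policy
  id: cyberwatch
  body:
    # Segment 1: its own host and its own secrets.
    - !policy
      id: dmz
      body:
        - !host scanner
        - &dmz-secrets
          - !variable ssh/username
          - !variable ssh/private-key
        # read    = see that the variable exists
        # execute = fetch the secret value
        # update is deliberately not granted, so the host cannot change secrets.
        - !permit
          role: !host scanner
          privileges: [ read, execute ]
          resources: *dmz-secrets

    # Segment 2: a separate host that has no privilege on the dmz secrets.
    - !policy
      id: internal
      body:
        - !host scanner
        - &internal-secrets
          - !variable ssh/username
          - !variable ssh/password
        - !permit
          role: !host scanner
          privileges: [ read, execute ]
          resources: *internal-secrets
```

With this layout the paths from the root policy to the two hosts are `cyberwatch/dmz/scanner` and `cyberwatch/internal/scanner`, and each host is registered in Cyberwatch with its own API key.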
To add your Conjur host credentials to Cyberwatch, go to the Stored credentials menu, then add a set of credentials of type CyberArk Conjur:
The Conjur account is usually named after your organization, or may be the name of a specific secrets safe. The account must contain the secrets you wish to access and the Conjur host Cyberwatch will authenticate as.
The host ID is the path from the root policy to the host resource Cyberwatch will use, prefixed by
The API key is a random passphrase generated when the Conjur host is created.
For more details about host creation in Conjur, see the Conjur official tutorial Enrolling an application.