CyberArk Conjur MCP connector
CyberArk Conjur is an open source secrets management and identity access management platform that secures applications and infrastructure. The CyberArk Conjur MCP connector allows AI agents to obtain short-lived access tokens for applications across AWS, Azure, Google Cloud Platform, Kubernetes, and JWT-based authentication, verify authenticator configurations, and manage certificate signing requests for Kubernetes pods. It also supports retrieving API keys through LDAP authentication and checking which authenticators are configured on the Conjur server.
Authentication type
- Basic Auth - Requires a username and password to be configured for the agent to access the service.
Uses
Use the CyberArk Conjur MCP connector to perform the following actions:
- Retrieve secrets and credentials without storing them in applications
- Authenticate users and applications across cloud platforms and Kubernetes environments
- Rotate API keys and passwords automatically to reduce security risks
- Control access to sensitive data through role-based permissions and policies
- Verify application identity and issue short-lived tokens for secure API calls
- Manage certificate signing requests and client certificates in Kubernetes clusters
- Integrate identity and access management into automated business workflows
Example prompts
Use the following example prompts to invoke CyberArk Conjur MCP connector tools from your AI assistant or Boomi Connect workflow:
Fetch the database password secret from CyberArk Conjur for our application.Authenticate my Kubernetes pod with CyberArk Conjur and get an access token.Rotate the API key for this service account in CyberArk Conjur.Show me all resources and their access permissions in CyberArk Conjur.Get a short-lived token to authenticate this Azure application with CyberArk Conjur.Retrieve multiple secrets at once from CyberArk Conjur for our workflow.Check if the LDAP authenticator is properly configured in CyberArk Conjur.Create a new host using the Host Factory in CyberArk Conjur.Change the password for a user account in CyberArk Conjur.Get the current health status of our CyberArk Conjur server.
CyberArk Conjur MCP connector tools
The CyberArk Conjur MCP connector provides the following tools. Each tool maps to a specific action you can invoke from your AI agent or automation.
| Tool | Description |
|---|---|
| getAuthenticators | Retrieves details about which authentication methods are configured on the Conjur server. |
| getAccessTokenViaAzure | Obtains a temporary access token for applications deployed in Microsoft Azure environments. |
| getAccessTokenViaGCP | Obtains a temporary access token for applications deployed in Google Cloud Platform environments. |
| getGCPAuthenticatorStatus | Checks whether an authentication service has been properly configured for Google Cloud. |
| getAccessTokenViaAWS | Obtains a temporary access token for applications deployed in Amazon Web Services environments. |
| getAccessTokenViaJWT | Obtains a temporary access token for applications using JSON Web Token authentication. |
| getAccessTokenViaJWTWithId | Obtains a temporary access token for applications using JSON Web Token authentication with an identifier. |
| k8sInjectClientCert | Sends a certificate signing request and injects a client certificate into a Kubernetes pod. |
| getAccessTokenViaKubernetes | Obtains a temporary access token for applications running in Kubernetes clusters. |
| getAPIKeyViaLDAP | Retrieves a user's API key using LDAP credentials for authentication. |
| getAccessTokenViaLDAP | Obtains a temporary access token for users and hosts using LDAP identity. |
| getAccessTokenViaOIDC | Obtains a temporary access token for applications using OpenID Connect authentication. |
| rotateApiKey | Generates a new API key for a role, replacing the existing one. |
| getAPIKey | Retrieves a user's API key using their username and password. |
| changePassword | Updates a user's password to a new value. |
| getAccessToken | Obtains a temporary access token required for subsequent authenticated requests. |
| sign | Requests a signed certificate from the configured Certificate Authority service. |
| health | Retrieves current health status information about the Conjur server. |
| createHost | Establishes a new host identity using the Host Factory. |
| createToken | Generates one or more host identity tokens for authentication purposes. |
| revokeToken | Invalidates a token, immediately preventing its use for authentication. |
| info | Retrieves basic information and details about the Conjur server. |
| updatePolicy | Modifies an existing Conjur policy document with new rules and permissions. |
| loadPolicy | Adds new data and rules to an existing Conjur policy. |
| replacePolicy | Loads or replaces an entire Conjur policy document. |
| showPublicKeys | Lists all public keys associated with a specific resource. |
| remoteHealth | Retrieves current health status information about a remote Conjur server. |
| showResourcesForAllAccounts | Lists all resources across multiple organization accounts. |
| showResourcesForAccount | Lists all resources within a specific organization account. |
| showResourcesForKind | Lists all resources of a specific type within an account. |
| showResource | Shows a description of a single resource. |
| removeMemberFromRole | Deletes an existing role membership. |
| showRole | Get role information. |
| addMemberToRole | Update or modify an existing role membership. |
| getSecrets | Fetch multiple secrets. |
| getSecret | Fetches the value of a secret from the specified Secret. |
| whoAmI | Provides information about the client making an API request. |
| enableAuthenticator | Enables or disables authenticator defined without service_id. |
| enableAuthenticatorInstance | Enables or disables authenticator service instances. |
| getServiceAuthenticatorStatus | Details whether an authentication service has been configured properly. |
