

CyberArk Conjur — now CyberArk Secrets Manager — is a serious enterprise machine-identity vault: FIPS-validated, fully-enforcing policy-as-code, deep Kubernetes authentication, and consolidation into a broader PAM platform for human and machine privileged access. KnoxCall is not a PAM replacement. It is the outbound-credential layer that sits in front: the third-party bearer key is injected at the egress wire and never enters your workload, custodial rotation rotates the underlying vendor key itself, and the whole thing is self-serve from $0 instead of per-identity enterprise licensing.
Runtime Exposure — the outbound credential class
Conjur delivers the key to the authenticated workload by design — that is its job; the residual below is inherent to delivery, not a Conjur flaw. Scope: third-party outbound bearer keys (Stripe, OpenAI, Twilio, SendGrid) on the egress hot path, not in-process credentials or your app’s own encryption keys.
| Feature | KnoxCall | Conjur |
|---|---|---|
Third-party bearer key delivered into the workload Does the real vendor key ever land inside the running container? | ✓
Never on the egress path — injected at the wire | ✗
Yes — fetched into the app to read (by design) |
Readable by RCE / poisoned dependency in the process Can attacker code in the same process exfiltrate the key? | ✓
No provider key present to read | ✗
Yes, once fetched into memory |
Rotates the underlying VENDOR key, not just its lease Custodial rotation mints/deletes provider child keys (Cloudflare, SendGrid, AWS IAM…) | ✓
Rotates the real vendor key itself | ✗
Stores/rotates its own secrets; a static vendor key it stores never rotates itself |
Works for keys with no token-exchange endpoint (Stripe, OpenAI, Twilio) Static bearer tokens that cannot be federated away | ✓
Egress injection needs no vendor STS | ~
Can store/deliver, cannot federate — key still lands in the workload |
Credential in workload is short-lived & revocable What the process actually holds, and for how long | ✓
KnoxCall token, scoped + DPoP-bindable | ~
Short-lived Conjur access token to fetch; the fetched vendor secret can be long-lived |
Workload identity federation (OIDC token exchange, DPoP-bound) Swap a workload’s OIDC identity for a short-lived, sender-constrained token (RFC 8693) | ✓
DPoP-bound tokens via OIDC exchange | ~
Strong JWT/OIDC + K8s authenticators, but no DPoP sender-binding on issued tokens |
Access Control & Policy
| Feature | KnoxCall | Conjur |
|---|---|---|
Fully-enforcing RBAC / policy-as-code Declarative, version-controlled policy that hard-blocks access | ~
Roles + scopes enforced on the control plane; egress scope enforcement advisory today | ✓
Enforcing declarative YAML policy — a core strength |
Native Kubernetes / OpenShift authentication Machine identity via K8s authenticators, sidecars, injectors | ✗
No K8s operator or sidecar injector; workloads federate via OIDC token exchange | ✓
Deep native K8s/OpenShift authenticators |
Human + machine privileged access consolidation (PAM) Session mgmt, credential vaulting for admins alongside machines | ✗
KnoxCall is the outbound-credential layer, not a PAM | ✓
Part of the broader CyberArk PAM platform |
FIPS 140-2 validated cryptographic modules Government/regulated-crypto compliance mandate | ✗
Strong modern crypto, but not FIPS-validated | ✓
FIPS 140-2 Level 1 (Enterprise) |
Crypto & Data Protection
| Feature | KnoxCall | Conjur |
|---|---|---|
Encryption-as-a-Service (encrypt / decrypt / rewrap) Crypto operations without exposing key material | ✓ | ✗
Secrets storage, not an encryption-as-a-service API |
JWT + asymmetric signing (RSA / ECDSA / Ed25519) Sign & verify with algorithm-confusion defence | ✓
Alg-confusion defence built in (Pro+) | ✗ |
Format-preserving tokenization (PAN / SSN / email) Shape-mimicking tokens so downstream systems stay untouched | ✓
Tokenization vaults (Pro+) | ✗ |
BYOK via tenant master key Bring your own master key | ✓
Tenant master key (Enterprise) | ~
HSM/external-key integration in Enterprise deployments |
AI / Agent Security
| Feature | KnoxCall | Conjur |
|---|---|---|
LLM egress proxy for AI agents Capability keys + streaming PII redaction + prompt firewall; provider key never enters the workload | ✓
AI Gateway (redaction & packs Pro+) | ✗
No AI egress / redaction layer |
Streaming PII redaction (FF3-1 + hold-back FSM) Redacts PII from LLM traffic in-flight | ✓
AI PII-redaction path (Pro+) | ✗ |
Prompt firewall + canary leak + per-agent budgets Guardrails and spend controls for agent traffic | ✓
Budgets recorded, not hard-enforced (Pro+) | ✗ |
Operations & Setup
| Feature | KnoxCall | Conjur |
|---|---|---|
Managed SaaS No infrastructure to deploy or manage | ✓ | ~
Conjur Cloud available; Self-Hosted is heavy to deploy |
Setup Time Time from sign-up to production | Minutes | Weeks (enterprise rollout) |
Transparent self-serve pricing Sign up and pay online without a sales call | ✓
$0–$99/mo published; custom Enterprise | ✗
Quote-based, per-identity enterprise licensing |
Built-in analytics, geo & alerting Request metrics, world-map geo, notifications | ✓ | ~
Audit streaming; no built-in request analytics/geo |
CyberArk Conjur — now marketed as CyberArk Secrets Manager, Self-Hosted (with a managed Conjur Cloud option) — is one of the most credible machine-identity secrets managers in the market. It offers FIPS-validated crypto, fully-enforcing role-based access control expressed as declarative YAML policy-as-code, native Kubernetes and OpenShift authenticators, and consolidation into the broader CyberArk PAM platform that also governs human privileged access. If your mandate is enterprise-wide privileged access management for both people and machines, Conjur is a category leader and this page will not pretend otherwise.
KnoxCall is a different shape. It is the outbound-credential layer: the piece that governs what happens when your workload has to call Stripe, OpenAI, Twilio, or SendGrid. That is the credential class every secrets manager, Conjur included, still has to hand to the running process, because a static third-party bearer key exposes no exchange endpoint the vendor will honour.
KnoxCall is the right choice when the risk you care about is the outbound key sitting in the workload, and when you want transparent self-serve pricing instead of a per-identity enterprise quote. It runs in front of — not instead of — whatever secrets manager you already have. You keep Conjur (or Vault, or a cloud KMS) for storage and machine identity, and route your third-party API traffic through KnoxCall so the provider key is injected at the egress wire and never renders into a container. Startups and teams that want tokenization vaults, an AI egress gateway, and encryption-as-a-service on one bill in minutes get there without a rollout project.
Choose Conjur when your requirement is enterprise machine-identity and privileged-access management done to an audited, regulated standard. Concretely, Conjur is the better fit when:
KnoxCall is not a PAM replacement and does not try to be. If any of the above is your primary requirement, Conjur (or the broader CyberArk platform it now belongs to) is the correct tool, and KnoxCall is complementary rather than competitive.
Trace the pipeline for a static third-party bearer key — a Stripe secret key, an ANTHROPIC_API_KEY, a Twilio auth token. Conjur authenticates the workload beautifully (a Kubernetes authenticator, a short-lived Conjur access token) and then hands the workload the vendor secret to use. However elegant the delivery, it ends with the real key inside the running process, because that is the only thing the vendor’s API will accept. The short-lived token protects the fetch; it does not protect the fetched value once it is in memory. Rotating Conjur’s own credentials does not help either, because the underlying Stripe key is itself static — the vendor never designed it to be exchanged. That is a vendor-API limitation Conjur inherits, not a Conjur flaw.
KnoxCall’s structural move is to take the plaintext handoff off your machine on the egress hot path: the bearer key is injected at the wire and never enters your workload’s memory or environment, and there is no value-GET path to retrieve it. Custodial rotation goes one step further and mints, verifies, and deletes the provider’s own child keys — so the underlying vendor secret rotates, not just a lease. For the outbound credential class specifically, that is the loop Conjur structurally cannot close.
The honest residual. This is not zero-residual. A short-lived, scoped, revocable KnoxCall token still lives in your workload and can route requests through the proxy until it is revoked. The difference is what that token is: scoped to specific routes, audited on every call, DPoP-bindable, and short-lived — versus a static vendor key that is valid for years. KnoxCall does not stop a compromise; it is a trust dependency and an extra network hop, the same tradeoff you accept with any federation or token-exchange layer. And the scope is deliberately narrow: third-party outbound bearer keys on the egress path only. In-process machine credentials and your application’s own encryption keys are out of scope — Conjur still has a real job there, and so does its FIPS-validated, fully-enforcing, Kubernetes-native machine-identity model.
CyberArk does not publish list pricing; all commercial tiers are quote-based. Conjur Cloud is reported at roughly $40–$180 per workload identity; self-hosted Enterprise is reported around $1,000–$1,500 per identity annually, with HA/DR adding 30–50%. CyberArk was acquired by Palo Alto Networks (deal completed February 2026); Conjur Secrets Manager Enterprise has been renamed Secrets Manager, Self-Hosted. Figures are third-party estimates, not official list prices.
No. KnoxCall is the outbound-credential layer and runs in front of, not instead of, Conjur. Conjur remains the machine-identity secrets manager for in-process credentials, policy-as-code, and privileged access, while KnoxCall governs third-party bearer keys like Stripe, OpenAI, and Twilio on the egress path. For enterprise PAM requirements the two are complementary rather than competitive.
Yes, that is the intended deployment. You keep Conjur for secrets storage and machine identity, and route your third-party API traffic through KnoxCall so the provider key is injected at the egress wire and never renders into a workload. Adoption can happen strangler-fig, consumer by consumer, with no rip-and-replace.
Conjur is the better fit when you need FIPS 140-2 validated cryptographic modules, fully-enforcing declarative policy-as-code, or native Kubernetes and OpenShift authenticators. It also wins when you want to consolidate human and machine privileged access in one PAM platform, or when you require self-hosted or air-gapped deployment. KnoxCall is not FIPS-validated, ships no Kubernetes operator or sidecar injector, and its egress scope enforcement is advisory today.
KnoxCall publishes self-serve pricing: a free tier at $0, Starter at $19 per month, Pro at $99 per month, and custom Enterprise. CyberArk does not publish list pricing; commercial tiers are quote-based, with Conjur Cloud reported at roughly $40 to $180 per workload identity and self-hosted Enterprise reported around $1,000 to $1,500 per identity annually. Conjur Open Source is free but self-hosted and community-supported, without FIPS, HA clustering, or audit streaming.
KnoxCall runs in front of (not instead of) your existing Conjur or CyberArk deployment. Wire-inject your third-party API keys so they never render into a workload again — strangler-fig, consumer by consumer, no rip-and-replace.