CyberArk Conjur cloud cli - how fix zsh: operation not permitted: ./conjur

As a consultant, it's always a pleasure to explore new tools, and since the end of 2024, we have been experimenting with CyberArk's SaaS offering.

The first component we started working with is Conjur Cloud, the SaaS version of Conjur Enterprise, which we are already very familiar with.

Conjur Cloud features an impressive UI that allows users to configure and manage most settings 

seamlessly. 

Like Conjur Enterprise, it also has its own dedicated CLI, which is available for download on the CyberArk Marketplace.After installing the Conjur Cloud CLI on macOS 15.2, I encountered the following error when attempting to execute it:

conjur -version
zsh: operation not permitted: ./conjur

 


After some troubleshooting, I discovered that the binary had been quarantined by macOS 15.2. Running the following command confirmed this:

xattr -l /Applications/ConjurCloudCLI.app/Contents/Resources/conjur/conjur

where I got as output:

com.apple.quarantine: 0187;678a416a;Microsoft\\x20Teams\\x20WebView;

To resolve this issue, I removed the quarantine attribute using the following command:

xattr -d com.apple.quarantine /Applications/ConjurCloudCLI.app/Contents/Resources/conjur/conjur

After applying this fix, I was able to successfully launch the CLI:

conjur --version Conjur Cloud CLI version 1.1.2

macOS, Podman Desktop and the Podman machine: pay close attention to the Podman version.

Using Podman as the standard tool requested by clients for running local containers outside of a Kubernetes environment, I decided to start the year by installing Podman Desktop on my company MacBook.

Podman Desktop features a user interface (UI) similar to Docker Desktop, making it easier to manage containers and images. It also includes plugin management to extend its functionality (e.g., deploying containers on Kubernetes).

After installing Podman Desktop version 1.15.0, I proceeded with the setup but encountered issues with the Podman machine (the virtual machine dedicated to running containers), which failed to start (no errors, it just hung).

After performing all the necessary checks and finding no logs, I tried the usual troubleshooting steps, including cleaning up and reinstalling. 

This resolved the issue and revealed the cause: my MacBook previously had an older version of Podman installed in the past, that I totally forgot.

podman --version
podman version 4.3.1

Following the new installation of Podman Desktop, since no existing version was detected, the setup prompted me to install a newer version:

podman --version
podman version 5.3.1

At this point, the setup for Podman Desktop identified that the existing Podman machine was incompatible with the current release.

After confirming the removal of the unsupported Podman machine and proceeding with its recreation, the Podman machine started successfully.

Confirmed as KubeWeekly Editor: Giving Back to the Cloud-Native Community in 2025

One of the pleasures of working with open-source software (OSS) and community-driven initiatives is the endless opportunities they offer. If you ever find yourself with "not enough" to do at work (yes, that's ironic!), there's always an easy way to take on something extra and meaningful.

Contributing back to the community you're part of is a wonderful way to express gratitude. After all, how could anyone be luckier than to give back to something they love? 😊

For 2025, one of my ongoing community chores will be serving as a KubeWeekly editor—for the second consecutive year!

For those unfamiliar, KubeWeekly is a fantastic mailing list that curates the latest news, trends, and updates in the cloud-native ecosystem. If you work in this space, I highly recommend subscribing so you don’t miss out!

Here’s the link: KubeWeekly

KCD Italy will return in 2025 with a new name

Yesterday, the organizers of KCD Italy announced that the conference will return in 2025, once again in Bologna in June!!

For various organizational reasons, the conference will change its name to Cloud Native Days Italy, but the quality will remain the same.

At the moment, nothing else is known. Start marking a reminder in your calendar, see you in Bologna! 

Security conference - BSIDES GALWAY February 22nd, 2025

It’s been a couple of years since I moved to Galway, and I’m still absolutely thrilled with my decision!

During the past few months, I had the chance to meet some awesome people at a local security meetup called burbsec. It was a nice experience—sharing ideas, meeting new faces, and of course, enjoying a few beers ;-) !!

Now, some of these folks are organizing a security conference called BSIDES Galway, happening on February 22nd, 2025!

The event will be held at the University of Galway and marks the very first local edition of the globally renowned BSIDES format, which takes place in cities all over the world.

The goal? To create a welcoming space where people can dive into fascinating sessions, exchange ideas, and have a blast—all while focusing on cybersecurity.

If you’re excited about joining, make sure to check out the official event website!

Right now, the Call for Papers (CFP) is open, and there are still opportunities for sponsorship.

Just a couple of days ago, the organizers dropped the first batch of early-bird tickets, and they SOLD OUT within hours!

So if you’re interested in attending, submitting a talk, or becoming a sponsor, head over to the website for all the details. I can’t wait to see some of you there! 

Some links:

Event site: https://bsidesgalway.com/menu

Tickets: https://ti.to/bsides-galway/bsides-galway-2025

Social: https://x.com/BSidesGalway

CyberArk Conjur 13.4 - the evolution contues

About a month ago, a new release of Conjur Enterprise was launched, now at version 13.4, bringing exciting new features to the product!

Here are my top 3 favorites, though there are many more updates, which you can find here:

• Sync of empty safes from Vault: This is essential for managing policy creation through automation.
• Dynamic application configuration: It is now possible to modify various Conjur configuration parameters that previously had to be set when creating the container! Now they are all included in the usual conjur.yml.
• Extended ESO support: Now the External Secrets Operator can use regex in findByName and findByTags.

As has been the case for several releases, I’d like to reiterate that CyberArk’s development of Conjur is moving quickly, and with each release, the product becomes more and more complete. 

Well done, CyberArk!

cryptsetup, how to protect entire disks or USB keys, notes on technical_notebook

I have been using an encrypted USB drive for several years, which unlocks with biometric access. In recent days, I have wondered how to do the same with other disks or USB keys.

The answer is cryptsetup, an utility included in most Linux distributions. I have done some tests and documented how to use it in this repository, which I have named technical_notebook.

I will use technical_notebook as a notebook; it will contain commands, concepts, or useful links. The purpose of the repo is to not forget them, have them easily available, and perhaps help someone if they have my same needs.