Tuono Secrets Management: End to End Protection

I am excited to announce the launch of Tuono Secrets Management 2.0. It is now a simple point-and-click operation to save a secret into your dedicated secrets store. Our Secrets Manager is fully integrated with role-based access control and automatically logs all secrets activity to provide a complete audit history. Now, anyone can manage their information securely without having to set up and configure the underlying infrastructure. Tuono has done all the heavy lifting.

Secrets Management is not a new concept. AWS Secrets Manager, Azure Key Vault, Google Cloud Secrets Manager, and HashiCorp Vault all exist in the market today. Tuono has taken a unique approach with our Secrets Manager. We offer comprehensive audit logging, Role-Based Access Control, extremely simple GUI and API access, and a patent-pending system for protecting your secrets through the automation pipeline. The Tuono Secrets Manager can also be used with the public cloud of your choice.

End to end secret protection

Secrets management is about protecting critical information. Unfortunately, the existing options only protect the information while it is in the secrets manager. With a traditional secrets manager, the secret is requested from the manager and, from then on, it is passed through the automation pipeline, where it is at risk of being exposed. For example, Terraform, a common Infrastructure as Code tool, regularly stores secrets in plaintext in the state file. Secrets can also leak accidentally through logging, coding errors, configuration errors, etc.

Tuono does not retrieve the actual secret from secure storage until the API call to the public cloud needs it. This makes it incredibly difficult for anyone (including us) to leak your secret. We refer to this as “late binding secrets” and the patent is pending. We believe the best way to protect a secret is to leave it in the vault for as long as possible.
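The contrast between early and late binding described above, as an added illustration (it is not Tuono's implementation, which this page does not describe). `VAULT`, `SecretRef` and `call_cloud_api` are hypothetical names, and the secret value is constructed sample data.

```python
import json

# Constructed stand-in for a secrets store; the name and value are sample data.
VAULT = {"db/admin-password": "S3cr3t-constructed-value"}

class SecretRef:
    """Opaque handle that travels through the pipeline instead of the secret."""
    def __init__(self, name):
        self.name = name

    def __repr__(self):
        return f"<secret-ref {self.name}>"

    def resolve(self, audit_log):
        # The only place the plaintext leaves the store; every read is recorded.
        audit_log.append(("read", self.name))
        return VAULT[self.name]

def serialize_state(plan):
    """Mimic a pipeline writing its plan to a state file or a debug log."""
    return json.dumps(plan, default=repr, sort_keys=True)

def early_binding_plan():
    # Secret fetched while the plan is built, so it rides along in every later step.
    return {"resource": "database", "admin_password": VAULT["db/admin-password"]}

def late_binding_plan():
    # Only the reference is stored in the plan.
    return {"resource": "database", "admin_password": SecretRef("db/admin-password")}

def leaks(plan):
    """True if the plaintext secret appears in the serialized plan."""
    return VAULT["db/admin-password"] in serialize_state(plan)

def call_cloud_api(plan, audit_log):
    """Hypothetical final step: resolve references just before the provider call."""
    request = {k: v.resolve(audit_log) if isinstance(v, SecretRef) else v
               for k, v in plan.items()}
    # A real implementation would send `request` to the provider here and drop it.
    return {"status": "sent", "fields": sorted(request)}

if __name__ == "__main__":
    print("early binding state:", serialize_state(early_binding_plan()))
    print("late binding state: ", serialize_state(late_binding_plan()))
    audit = []
    print(call_cloud_api(late_binding_plan(), audit), audit)
```

With early binding the plaintext appears in the serialized state; with late binding only the reference does, and the single read shows up in the audit list.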

Integrated role-based access control

Role-based Access Control (RBAC) is also essential to managing secrets. Some items should be accessible to the entire organization, some are shared with a team, and some are restricted to a single user. Configuring and managing this in a traditional secrets management system can be complex and can even require the DevOps team to write code to connect heterogeneous systems. The owner of a Tuono secret can choose to keep it private or share it with a group of collaborators. RBAC is fully integrated.

Audit logging

Protecting secrets is only part of the challenge. Demonstrating compliance and responding to audit requests is also part of managing cloud infrastructure. Tuono automatically tracks how secrets are used and modified. The audit log keeps a clear history of changes and provides the information needed for those requests.

Fully integrated Secrets Management

Tuono’s SaaS platform offers everything you need to operationalize and scale your cloud automation. Today we have enhanced our Secrets Manager to offer end to end protection for your most critical secrets. You can give it a try for yourself by signing up for our free Community Edition.
