What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment?
Our approach to configuration and secrets management in Alloy prioritizes security and integrity.
We maintain strict confidentiality regarding the storage of sensitive information.
Adhering to the principle of least privilege, only essential Alloy team members possess access to alter release pipeline configurations, following established change management protocols.
Our security measures include generating and encrypting keys, secrets, or tokens as one-time-use items within deployment pipelines. This ensures that these values remain unreadable by individuals.
In scenarios where this isn’t feasible, we implement stringent access policies, limiting access to crucial Alloy team members. Our vault access aligns with Causeway IT policies, providing an extra layer of oversight and control.