What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment?

cmcnicholas · 10 August 2023 18:35

cmcnicholas · 10 August 2023 18:36

Our approach to configuration and secrets management in Alloy prioritizes security and integrity.

We maintain strict confidentiality regarding the storage of sensitive information.

Adhering to the principle of least privilege, only essential Alloy team members possess access to alter release pipeline configurations, following established change management protocols.

Our security measures include generating and encrypting keys, secrets, or tokens as one-time-use items within deployment pipelines. This ensures that these values remain unreadable by individuals.

In scenarios where this isn’t feasible, we implement stringent access policies, limiting access to crucial Alloy team members. Our vault access aligns with Causeway IT policies, providing an extra layer of oversight and control.

Topic		Replies	Views
Do you automate integration and deployment pipelines and how do you enforce security, consistency and auditing? Infrastructure development	1	88	10 August 2023
How do you manage risk of internal and third-party software libraries used in code? General security	1	67	10 August 2023
Does the solution use Role Based permissions/authorisation? General authentication , user , security	1	106	30 July 2021
Are changes to the service assessed for any potential security impact? General development	1	80	30 July 2021
How do you separate the production environment from testing or development environments? General development	1	75	10 August 2023

What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment?

Related Topics