
Adopt Strong Cloud Security Strategies from the Ground up!

A proposed standard which allows cloud infrastructure to define security policies.

Designed for Cloud Governance

Identify bottlenecks in a haystack of code

The experience of Infrastructure-as-Code, simplified visually. Import Terraform and visualize your infrastructure at t=0.

Bring ideas to life with Brainboard’s design to code

No need to write the Terraform code: Brainboard autogenerates the full code for you as you configure your cloud assets.

Test, fail and learn from your infra until it's ready to be deployed

Design & deploy real cloud infrastructure use cases and manage smarter, not harder.

Deploy on the fly and optimize your cloud cost and security postures

Stop learning theoretical concepts and start applying real-case Infrastructure-as-Code actions.

Build production-ready architecture templates and modules your colleagues can reuse

Many diagrams for different purposes you can reuse, configure and share in the templates catalog.

Document everything you have in the Multi-Cloud

Document and collaborate on scaling your infrastructure, one change at a time.

Govern your organization's most important assets

Manage your organization's cloud projects, class environments, architecture notebooks, and CI/CD workflows.

Your peace of mind is our priority!

Remote Backend Data

We support secure .tfstate management via its remote backend functionality.

Sandboxed Deployment

All deployments (plan, apply, …) are sandboxed in ephemeral containers. We protect your infrastructure data so that it is shown only to a strict number of approved users.

Encrypted Connection, a Standard

We use encryption to keep your data private while in transit.

Secure cloud providers' Connection

We leverage safe methods to share credentials like AWS assume role or Azure app certificates.

CI/CD's Email approvals

Notifying your manager or colleagues about your infrastructure changes before you deploy is a Terraform best practice. We've implemented this natively with Slack notification and approval email tasks in the CI/CD Engine.

Advanced RBAC/ABAC

This feature allows different teams or users to be assigned different roles and permissions, enabling them to access and modify specific resources within the architecture.

2 Factor Authentication

2FA adds an extra layer of security to your account, ensuring that you're the only person who can access it, even if someone knows your password. It's a simple, effective way to prevent unauthorized access.

Authorized access only

We review our information collection, storage, and processing practices to prevent unauthorized access to our systems.

Automated Security Checks from your favorite open-source tools
SOC2 compliant

SOC 2 (System and Organization Controls) is a type of audit and certification that assesses the internal controls of a service organization related to security, availability, processing integrity, confidentiality and privacy of a system.

Drift Detection

Detect drift before it happens.

Global view of what you have and have not

Structure your projects, environments, and architecture in a single organization-wide view. Unify your people and processes around a single source of truth that contains 100% accurate cloud infrastructure architecture diagrams, Terraform code, and deployment outputs.


Choose your Cloud Security Flexibility

Single tenant
A single instance of a software application and your supporting infrastructure are isolated from other customers and not shared with any other organization.
SaaS
Brainboard is only available through our Web Application, accessible on all secure browsers. It's $99 per month per user, all features included.
Self-hosted
You are running and maintaining your Terraform infrastructure or cloud service using a private web server.

We care about Security

If you have any questions, or encounter any issues, please contact us.

Frequently asked questions

How do secrets work in Brainboard?

When we ask the question about secrets, people usually mean one of the following 3 things, or all of them:

1. As a user, how can I add my secrets in Brainboard and use them?
You can add them as a variable and flag it as sensitive. This way they are put in our HashiCorp Vault and are hidden from the output when the task is executed. We are planning to open our Vault to our customers but we don't have an ETA yet.

2. How can I access my secrets in my key vault, such as KMS, Azure KV or HashiCorp Vault?
If you already have a vault such as KMS or AKV, you can use the corresponding AWS or Azure resource.
For example, use aws_kms_key to create a new key, or use a data source to reference an existing one. For Azure, use azurerm_key_vault.
You can also combine KMS resources and use variables that are flagged as secrets in their id or alias to completely hide any information regarding secrets.

3. How are secrets managed at deployment time?
At deployment time, if you deploy with your own CI/CD pipeline, you can inject secrets with the tool you use, as the variables are already defined. If you deploy through Brainboard, it creates an isolated execution environment, gets the secrets from Vault and provides them to Terraform for execution.
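
A minimal Terraform sketch of points 1 and 2, as an added example that is not Brainboard-generated code. The variable names, the parameter path and the choice of `aws_ssm_parameter` as the consumer of the secret are assumptions made for illustration.

```hcl
# Added example: all names and paths below are placeholders.

# The secret itself: flagged sensitive so Terraform redacts it
# from plan and apply output.
variable "db_password" {
  type      = string
  sensitive = true
}

# Alias of an existing KMS key, also flagged sensitive so the key's
# identity is redacted from CLI output as well.
variable "kms_key_alias" {
  type        = string
  sensitive   = true
  description = "Alias of an existing KMS key, in the form alias/<your-alias>"
}

# Reference an existing key instead of creating a new one.
# key_id accepts a key ID, key ARN, alias name or alias ARN.
data "aws_kms_key" "existing" {
  key_id = var.kms_key_alias
}

# Hypothetical consumer: store the secret encrypted under that key.
resource "aws_ssm_parameter" "db_password" {
  name   = "/example/app/db_password" # placeholder path
  type   = "SecureString"
  key_id = data.aws_kms_key.existing.arn
  value  = var.db_password
}
```

`sensitive = true` only redacts the value from CLI output; the value is still written to the Terraform state, so the state backend must be encrypted and access-controlled.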

Is Brainboard secure?

Brainboard offers several key features that enhance your Infrastructure-as-Code (IaC) operations:

Data Ownership: In Brainboard, users own their data in every action they do, whether it's pull requests, git workflows, or remote back-end. Brainboard only accesses data in specific scenarios, such as designing and pushing to git, planning and pushing to git, and designing & deploying within Brainboard.

Isolated Environment for Terraform Execution: Brainboard provides several execution options for your Terraform code, including running Terraform in an isolated environment. This means that the code is executed in a separate, secure environment that is not accessible by other applications or users, providing an additional layer of security to your data during testing.

Encryption: All data stored in Brainboard, including the architecture diagram, cloud resources and configuration, variables, and credentials, are encrypted both at rest and in transit. This means that the data is stored in an encrypted format in the Brainboard database and any data transmitted between Brainboard and external systems is encrypted to prevent interception by unauthorized parties.

Role-Based Access Control (RBAC): Brainboard has implemented RBAC, a security mechanism that ensures that users have access to only the resources they need to perform their jobs. By defining IAM (Identity and Access Management) roles and policies, you can assign permissions to users based on their job function and limit access to only the resources they need to perform their work.

SOC2 Certification: Brainboard is SOC2 certified, meaning that the platform has undergone a rigorous security audit by an independent third-party auditor and has been found to meet the criteria for the SOC2 security standard. This certification demonstrates Brainboard's commitment to maintaining the highest levels of security and privacy for their customers’ data.

How can I use or define a remote backend?

You have 2 options:

1. Configure the default remote backend at the organization level, where you can specify either S3 or Azure Blob Storage. Brainboard will construct the right configuration, which you can see in a file: backend.tf. This file will be included when you do the pull request.

2. You also have the possibility to override the global configuration and set a specific remote backend at the architecture level. It works the same way.

What about the locking mechanism?

The locking mechanism is a way to protect the Terraform state by preventing concurrent executions against the same file, which would corrupt it. If you use S3 as a remote backend, it's advised to use a DynamoDB table for that.

At Brainboard we implemented our own mechanism to protect the Terraform state even at the UI level. When there is an ongoing execution, Brainboard refuses to trigger a new one and warns the user that there is an ongoing action.
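
What an S3 backend with DynamoDB locking looks like in `backend.tf`, as an added example rather than the file Brainboard generates. The bucket, key, region and table names are placeholders.

```hcl
# backend.tf (added example; bucket, key, region and table are placeholders)
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "envs/prod/terraform.tfstate"
    region         = "eu-west-1"
    encrypt        = true                   # server-side encryption of the state object
    dynamodb_table = "example-tfstate-lock" # enables state locking
  }
}

# Created once, in a separate bootstrap configuration: the lock table.
# The S3 backend requires a string partition key named exactly "LockID".
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

With the table in place, a second run against the same state fails to acquire the lock instead of writing concurrently.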

Can I speak to a professional?

Yes, you can speak to a professional while using Brainboard. There are several ways to get in touch:

Real-time Support: While using Brainboard, you can reach out in real time by clicking on the "Ask us anything" button in the top right corner. One of the team members will reply to answer your questions or assist you with any technical topic.

Email Support: If you prefer asynchronous communication or if you want to schedule a call for help on a specific technical topic, you can reach out to the technical team at [email protected]. A cloud architect from the team will assist you.

Security Reports: To request access to security reports like SOC 2 Type II, you can use the provided portal. Your account manager or sales representative will approve your request.

Report Security Issues: If you need to report a security issue, you can reach out to the security team at [email protected].

Feature Request: If you want to request a new feature or see what the community has requested, you can check Brainboard's public roadmap.

Request a Demo: To request a demo of Brainboard, you can reach out to the sales team at [email protected].

Remember, the Brainboard team loves talking to their users, so don't hesitate to reach out with any questions or concerns you may have.

How do I minimize drift between environments?

To minimize drift between environments, you can use the synced architecture, which replicates any change you make in one environment into the other automatically while still isolating each environment with its own variables.

Does the application support single sign-on? What standards are supported?

Yes, we support SSO. Standards: OpenID Connect (OIDC) and SAML 2.0.

Does the vendor use 3rd party data centers?

We do not use 3rd party data centers. Everything is in the cloud, either Azure or AWS.

Security controls like SOC 2 Type 2 report

For SOC2 Type 2 information, you can request access here: https://security.brainboard.co